Nissan discloses employee data breach linked to Oracle zero-day attacks
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Chromium extension uses AI-related branding to redirect browser search
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers now exploit critical Oracle E-Business flaw in attacks
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
The Gentlemen are knocking: custom backdoors and evolving tactics
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
Threat Brief: Mitigating Large-Scale Credential Attacks
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
Polymarket customers lose $3 million in supply-chain attack
Top Koi alternatives in 2026
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
Multiple @immobiliarelabs Backstage Plugins Compromised on npm
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Packagist is now protected by Aikido Intel and other updates to the PHP registry
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
Beyond IOCs: AI-enabled threat intelligence
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
Maven Support Comes to GitHub Checks and OSS Package Search
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
simonecorsi/mawesome GitHub Action has been compromised
codfish/semantic-release-action GitHub Action has been compromised
Everybody's shipping code they can't read
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence
Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
What nearly 10,000 developer environments reveal about agentic development risk
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
When a vendor's breach becomes yours: lessons from the Klue incident
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
Guarding AI memory
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
One intrusion, two cyberattackers: Uncovering parallel threat activity
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
A VBScript campaign distributed through WhatsApp deploying RMM software
[GHSA / CRITICAL] GHSA-h3m5-97jq-qjrf: OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
[GHSA / CRITICAL] CVE-2026-55447: Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
[GHSA / CRITICAL] CVE-2026-55255: Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
[GHSA / CRITICAL] CVE-2026-55791: Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
[GHSA / CRITICAL] GHSA-wfqx-gjrf-g28r: Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
[GHSA / CRITICAL] GHSA-c8qj-jx8j-fg2w: DotVVM: Missing authorization in AuthorizeActionFilter
[GHSA / CRITICAL] CVE-2026-54051: Network-AI: Improper Neutralization of Special Elements used in an OS Command
[GHSA / CRITICAL] CVE-2026-48814: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests
AutoJack: How a single page can RCE the host running your AI agent
[GHSA / CRITICAL] CVE-2026-0755: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
Close Encounters of the Human Kind
[GHSA / CRITICAL] GHSA-r253-r9jw-qg44: Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
[GHSA / CRITICAL] GHSA-2jq4-q6vv-4cp3: Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
[GHSA / CRITICAL] GHSA-gfj5-979r-92pw: @acastellon/auth: Authentication bypass via spoofable headers in validateToken()
[GHSA / CRITICAL] GHSA-hxpf-9xvq-wph8: netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
[GHSA / CRITICAL] CVE-2026-11718: googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
[GHSA / CRITICAL] CVE-2026-54003: Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header
[GHSA / CRITICAL] GHSA-f38v-77qj-h4jq: praisonai-platform 0.1.4 still boots on the hardcoded JWT secret dev-secret-change-me (default-open production guard)
[GHSA / CRITICAL] GHSA-29w3-p9w9-wc47: PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path Validation
[GHSA / CRITICAL] GHSA-j4f3-55x4-r6q2: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
[GHSA / CRITICAL] GHSA-9752-mhqh-h34f: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
[GHSA / CRITICAL] GHSA-p69m-4f92-2v84: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
[GHSA / CRITICAL] GHSA-vmmj-pfw7-fjwp: npm PraisonAI codeMode sandbox escape via Function constructor
[GHSA / CRITICAL] GHSA-p75f-6fp4-p57w: PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praiso
[GHSA / CRITICAL] GHSA-892r-p3jq-jp24: PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
[GHSA / CRITICAL] GHSA-x8cv-xmq7-p8xp: PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
[GHSA / CRITICAL] GHSA-fq2m-6wqh-x44g: PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
[GHSA / CRITICAL] GHSA-j4hj-7hfh-g2f4: praisonai: recipe serve auth middleware silently disables itself when no secret is set
[GHSA / CRITICAL] GHSA-4869-x4pr-q22x: PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass
[GHSA / CRITICAL] GHSA-x227-pf99-vffg: PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in
[GHSA / CRITICAL] CVE-2026-55742: Cotonti: Cross-Site Request Forgery in the administration rights handler
Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat
Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security
Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files
Killing me gently: Inside Gentlemen’s EDR killer framework
The full Snyk AI Security Platform, free for open source maintainers
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
CISA KEV: CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability
[GHSA / CRITICAL] CVE-2026-55471: HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
[GHSA / CRITICAL] CVE-2026-55450: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Over 140 popular Mastra npm Packages Hit by Supply Chain Attack
From China with tenderness
[GHSA / CRITICAL] CVE-2026-49980: Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
[GHSA / CRITICAL] CVE-2026-49468: LiteLLM: Authentication Bypass via Host Header Injection
A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope
[GHSA / CRITICAL] CVE-2026-54157: LobeHub: Unauthenticated SSRF in `/webapi/proxy`
[GHSA / CRITICAL] GHSA-365w-hqf6-vxfg: Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
[GHSA / CRITICAL] CVE-2026-53753: Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Multiple JetBrains IDE plugins caught stealing AI keys
[GHSA / CRITICAL] CVE-2026-48746: vLLM: OpenAI auth bypass
[GHSA / CRITICAL] CVE-2026-48519: Langflow: Unauthenticated RCE in Shareable Playgrounds
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
FishMonger’s arsenal upgraded: SprySOCKS for Windows
CISA KEV: CVE-2026-48907 — Widget Factory Joomla Content Editor Improper Access Control Vulnerability
Inside the Modern SOC: The 72-Minute Race
[GHSA / CRITICAL] CVE-2026-53633: Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
EvilTokens: A phishing attack that doesn’t steal your password
The Government Just Banned an AI Model. An Engineer's Perspective.
CISA KEV: CVE-2026-54420 — LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
CISA KEV: CVE-2026-20262 — Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams
Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered
[GHSA / CRITICAL] CVE-2026-48150: Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
5 Socket security alternatives and why they are better
CISA KEV: CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
A tale of two eras
[GHSA / CRITICAL] CVE-2026-48062: CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
npm v12 delivers one of the biggest security improvements in years
[GHSA / CRITICAL] CVE-2026-48039: Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
OceanLotus: From external espionage to domestic targeting
CISA KEV: CVE-2026-10520 — Ivanti Sentry OS Command Injection Vulnerability
[GHSA / CRITICAL] CVE-2026-48063: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Code is being written everywhere, and the device is the only constant
[GHSA / CRITICAL] CVE-2026-48031: Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery
Compromised Rust crate onering performs code exfiltration
10-year-old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums
[GHSA / CRITICAL] CVE-2026-48030: Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
[GHSA / CRITICAL] CVE-2026-8467: PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System
CISA KEV: CVE-2026-11645 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
CISA KEV: CVE-2026-7473 — Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
CISA KEV: CVE-2026-20245 — Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
[GHSA / CRITICAL] CVE-2026-47724: nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
[GHSA / CRITICAL] CVE-2026-47252: Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
When “Hi, This Is IT” Comes Through Microsoft Teams
[GHSA / CRITICAL] CVE-2026-45034: PHPSpreadsheet has a patch bypass for CVE-2026-34084
[GHSA / CRITICAL] CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
CISA KEV: CVE-2026-42271 — BerriAI LiteLLM Command Injection Vulnerability
CISA KEV: CVE-2026-50751 — Check Point Security Gateway Improper Authentication Vulnerability
[GHSA / CRITICAL] CVE-2026-47744: Shopper: Authorization bypass and RBAC privilege escalation in team settings
[GHSA / CRITICAL] CVE-2026-47731: NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)
[GHSA / CRITICAL] CVE-2026-47670: Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
[GHSA / CRITICAL] CVE-2026-47669: DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
[GHSA / CRITICAL] CVE-2026-47668: DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
CISA KEV: CVE-2026-28318 — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
[GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
[GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi
[GHSA / CRITICAL] GHSA-8whc-2wmv-ww35: WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin
Reporting from Vegas: Networking, AI, and good boys
Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
So You Have an AI Security Budget. Now what?
Type Level Security: The future of secure AI code generation?
[GHSA / CRITICAL] CVE-2026-44182: Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering
[GHSA / CRITICAL] CVE-2026-44181: Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
[GHSA / CRITICAL] CVE-2026-44180: Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Argamal: Malware hidden in hentai games
The New Security Risks of the Agentic Development Lifecycle
CISA KEV: CVE-2026-45247 — Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
Why EDR and proxy won’t save you from supply chain malware
The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Multiple redhat-cloud-services npm Packages compromised
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets
Nx Console VS Code Extension Compromised
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection
CISA KEV: CVE-2022-0492 — Linux Kernel Improper Authentication Vulnerability
CISA KEV: CVE-2025-48595 — Android Framework Integer Overflow Vulnerability
[GHSA / CRITICAL] CVE-2026-47413: praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
[GHSA / CRITICAL] CVE-2026-47429: When Vitest UI server is listening, arbitrary file can be read and executed
Containers on fire: from container escapes to supply chain attacks
Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
CISA KEV: CVE-2024-21182 — Oracle WebLogic Server Unspecified Vulnerability
[GHSA / CRITICAL] CVE-2026-47416: praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
[GHSA / CRITICAL] CVE-2026-47410: praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
[GHSA / CRITICAL] CVE-2026-47407: PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
[GHSA / CRITICAL] CVE-2026-47391: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
[GHSA / CRITICAL] CVE-2026-47392: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
[GHSA / CRITICAL] CVE-2026-47393: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
[GHSA / CRITICAL] CVE-2026-47140: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
[GHSA / CRITICAL] CVE-2026-47210: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
[GHSA / CRITICAL] CVE-2026-47137: vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
[GHSA / CRITICAL] CVE-2026-47208: vm2 is Vulnerable to Sandbox Breakout Through Promise Species
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI
How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development
CISA KEV: CVE-2026-0257 — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Less panic patching, more precision
What MDM can't protect on developer machines (and what to do about it)
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
ESET APT Activity Report Q4 2025–Q1 2026
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
Out of the Crypt: The Evolving Cyber Extortion Economy
Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens
CISA KEV: CVE-2026-48027 — Nx Console Embedded Malicious Code Vulnerability
CISA KEV: CVE-2026-45321 — TanStack Unspecified Vulnerability
CISA KEV: CVE-2026-8398 — Daemon Tools Lite Embedded Malicious Code Vulnerability
Why developer machines are now the number one target for supply chain attacks
BTMOB: A stealthy RAT burrowing deep into Android devices
CISA KEV: CVE-2026-48172 — LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
Laravel Lang Supply Chain Advisory
Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Megalodon: Mass GitHub Actions Secret Exfiltration Across 5,500+ Public Repositories
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise
CISA KEV: CVE-2026-9082 — Drupal Core SQL Injection Vulnerability
The art of being ungovernable
5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough
CISA KEV: CVE-2025-34291 — Langflow Origin Validation Error Vulnerability
CISA KEV: CVE-2026-34926 — Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Dev Machine Guard Now Supports Linux
The Wild West of VS Code extensions and how a poisoned extension breached GitHub
GitHub breached via a malicious VS Code extension: why developer devices are the real target
Webworm: New burrowing techniques
CISA KEV: CVE-2008-4250 — Microsoft Windows Buffer Overflow Vulnerability
CISA KEV: CVE-2009-1537 — Microsoft DirectX NULL Byte Overwrite Vulnerability
CISA KEV: CVE-2009-3459 — Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
CISA KEV: CVE-2010-0249 — Microsoft Internet Explorer Use-After-Free Vulnerability
CISA KEV: CVE-2026-41091 — Microsoft Defender Link Following Vulnerability
CISA KEV: CVE-2026-45498 — Microsoft Defender Denial of Service Vulnerability
The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!
Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages
actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials
Active Supply Chain Attack: Malicious node-ipc Versions Published to npm
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Malicious node-ipc versions published to npm in suspected maintainer account compromise
CISA KEV: CVE-2026-42897 — Microsoft Exchange Server Cross-Site Scripting Vulnerability
FrostyNeighbor: Fresh mischief and digital shenanigans
CISA KEV: CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack
TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
CISA KEV: CVE-2026-42208 — BerriAI LiteLLM SQL Injection Vulnerability
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
Fake call logs, real payments: How CallPhantom tricks Android users
CISA KEV: CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
EasterBunny: advanced espionage artifacts attributed to APT29
CISA KEV: CVE-2026-0300 — Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Security metamorphosis: a Mythos-ready architecture checklist for autonomous AI attacks
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection
Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools
CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister
CISA KEV: CVE-2026-31431 — Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Popular PyTorch Lightning Package Compromised by Mini Shai-Hulud
lightning PyPI Compromise: A Bun-Based Credential Stealer in Python
CISA KEV: CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer
Someone published four versions of a fake "tanstack" package in 27 minutes to steal your .env files
"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jira
Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)
CISA KEV: CVE-2024-1708 — ConnectWise ScreenConnect Path Traversal Vulnerability
CISA KEV: CVE-2026-32202 — Microsoft Windows Protection Mechanism Failure Vulnerability
Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining
It's time to treat browser extensions like supply chain attack vectors
CISA KEV: CVE-2025-29635 — D-Link DIR-823X Command Injection Vulnerability
CISA KEV: CVE-2024-7399 — Samsung MagicINFO 9 Server Path Traversal Vulnerability
CISA KEV: CVE-2024-57728 — SimpleHelp Path Traversal Vulnerability
CISA KEV: CVE-2024-57726 — SimpleHelp Missing Authorization Vulnerability
fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
GopherWhisper: A burrow full of malware
Hardcoding Security into Every Commit: The Future of Snyk Secrets
JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?
CISA KEV: CVE-2026-39987 — Marimo Remote Code Execution Vulnerability
GPT-Proxy Backdoor in npm and PyPI turns Servers into Chinese LLM Relays
CISA KEV: CVE-2026-33825 — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
New NGate variant hides in a trojanized NFC payment app
What the ransom note won’t say
CISA KEV: CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
CISA KEV: CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
CISA KEV: CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability
CISA KEV: CVE-2023-27351 — PaperCut NG/MF Improper Authentication Vulnerability
CISA KEV: CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CISA KEV: CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
CISA KEV: CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
CISA KEV: CVE-2024-27199 — JetBrains TeamCity Relative Path Traversal Vulnerability
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow
CISA KEV: CVE-2026-34197 — Apache ActiveMQ Improper Input Validation Vulnerability
CISA KEV: CVE-2009-0238 — Microsoft Office Remote Code Execution
CISA KEV: CVE-2026-32201 — Microsoft SharePoint Server Improper Input Validation Vulnerability
CISA KEV: CVE-2012-1854 — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
CISA KEV: CVE-2025-60710 — Microsoft Windows Link Following Vulnerability
CISA KEV: CVE-2023-21529 — Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
CISA KEV: CVE-2023-36424 — Microsoft Windows Out-of-Bounds Read Vulnerability
CISA KEV: CVE-2020-9715 — Adobe Acrobat Use-After-Free Vulnerability
CISA KEV: CVE-2026-21643 — Fortinet FortiClient EMS SQL Injection Vulnerability
CISA KEV: CVE-2026-34621 — Adobe Acrobat and Reader Prototype Pollution Vulnerability
Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity
Governing Security in the Age of Infinite Signal – From Discovery to Control
@velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence
Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw
GlassWorm goes native: New Zig dropper infects every IDE on your machine
Aikido Attack finds multiple 0-days in Hoppscotch
CISA KEV: CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
As breakout time accelerates, prevention-first cybersecurity takes center stage
CISA KEV: CVE-2026-35616 — Fortinet FortiClient EMS Improper Access Control Vulnerability
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package
You Patched LiteLLM, But Do You Know Your AI Blast Radius?
CISA KEV: CVE-2026-3502 — TrueConf Client Download of Code Without Integrity Check Vulnerability
CISA KEV: CVE-2026-5281 — Google Dawn Use-After-Free Vulnerability
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
axios compromised on npm: maintainer account hijacked, RAT deployed
CISA KEV: CVE-2026-3055 — Citrix NetScaler Out-of-Bounds Read Vulnerability
litellm: Credential Stealer Hidden in PyPI Wheel
Popular telnyx package compromised on PyPI by TeamPCP
A cunning predator: How Silver Fox preys on Japanese firms this tax season
CISA KEV: CVE-2025-53521 — F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags
CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem
Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised
bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys
Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised
Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning
CISA KEV: CVE-2026-33634 — Aquasecurity Trivy Embedded Malicious Code Vulnerability
CISA KEV: CVE-2026-33017 — Langflow Code Injection Vulnerability
Cloud workload security: Mind the gaps
How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran
TeamPCP deploys CanisterWorm on NPM following Trivy compromise
CISA KEV: CVE-2025-32432 — Craft CMS Code Injection Vulnerability
CISA KEV: CVE-2025-54068 — Laravel Livewire Code Injection Vulnerability
CISA KEV: CVE-2025-43510 — Apple Multiple Products Improper Locking Vulnerability
CISA KEV: CVE-2025-43520 — Apple Multiple Products Classic Buffer Overflow Vulnerability
EDR killers explained: Beyond the drivers
AI Is Building Your Attack Surface. Are You Testing It?
CISA KEV: CVE-2026-20131 — Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
GlassWorm Hides a RAT Inside a Malicious Chrome Extension
fast-draft Open VSX Extension Compromised by BlokTrooper
CISA KEV: CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
CISA KEV: CVE-2026-20963 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
I Read Cursor's Security Agent Prompts, So You Don't Have To
Securing the Agent Skills Registry: How Snyk and Tessl Are Setting the Standard
Glassworm Strikes Popular React Native Phone Number Packages
CISA KEV: CVE-2025-47813 — Wing FTP Server Information Disclosure Vulnerability
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories
Face value: What it takes to fool facial recognition
DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear
CISA KEV: CVE-2026-3910 — Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
378CISA KEV: CVE-2026-3909 — Google Skia Out-of-Bounds Write Vulnerability
379Cyber fallout from the Iran war: What to have on your radar
380kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package
381CISA KEV: CVE-2025-68613 — n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
382Sednit reloaded: Back in the trenches
383CISA KEV: CVE-2021-22054 — Omnissa Workspace ONE Server-Side Request Forgery
384CISA KEV: CVE-2025-26399 — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
385CISA KEV: CVE-2026-1603 — Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
386How SMBs use threat research and MDR to build a defensive edge
387CISA KEV: CVE-2017-7921 — Hikvision Multiple Products Improper Authentication Vulnerability
388CISA KEV: CVE-2021-22681 — Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
389CISA KEV: CVE-2023-43000 — Apple Multiple products Use-After-Free Vulnerability
390CISA KEV: CVE-2021-30952 — Apple Multiple Products Integer Overflow or Wraparound Vulnerability
391Protecting education: How MDR can tip the balance in favor of schools
392The 89% Problem: How LLMs Are Resurrecting the "Dormant Majority" of Open Source
393Persistent XSS/RCE using WebSockets in Storybook’s dev server
394CISA KEV: CVE-2026-22719 — Broadcom VMware Aria Operations Command Injection Vulnerability
395CISA KEV: CVE-2026-21385 — Qualcomm Multiple Chipsets Memory Corruption Vulnerability
396How StepSecurity Caught a Release Storm in Microsoft’s @types Packages
397Harden Runner Now Supports Windows and macOS GitHub Actions Runners
398PlugX Meeting Invitation via MSBuild and GDATA
399CISA KEV: CVE-2022-20775 — Cisco SD-WAN Path Traversal Vulnerability
400CISA KEV: CVE-2026-20127 — Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
401The Rise of the AI Security Engineer: A New Discipline for an AI-Native World
402Snyk and uv, Better Together
403CISA KEV: CVE-2026-25108 — Soliton Systems K.K FileZen OS Command Injection Vulnerability
404Astro Full-Read SSRF via Host Header Injection
405Claude Code Security: A Welcome Evolution in the Remediation Loop
406CISA KEV: CVE-2025-49113 — RoundCube Webmail Deserialization of Untrusted Data Vulnerability
407CISA KEV: CVE-2025-68461 — RoundCube Webmail Cross-site Scripting Vulnerability
408SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel
409PromptSpy ushers in the era of Android threats using GenAI
410How “Clinejection” Turned an AI Bot into a Supply Chain Attack
411CISA KEV: CVE-2021-22175 — GitLab Server-Side Request Forgery (SSRF) Vulnerability
412CISA KEV: CVE-2026-22769 — Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
413Aikido recognized as Platform Leader in Latio Tech's 2026 Application Security Report
414Securing the Agent Skill Ecosystem: How Snyk and Vercel Are Locking Down the New Software Supply Chain
415Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric
416CISA KEV: CVE-2020-7796 — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
417CISA KEV: CVE-2024-7694 — TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
418CISA KEV: CVE-2008-0015 — Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
419CISA KEV: CVE-2026-2441 — Google Chromium CSS Use-After-Free Vulnerability
420From detection to prevention: How Zen stops IDOR vulnerabilities at runtime
421npm backdoor lets hackers hijack gambling outcomes
42210,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making
42320+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...)
4242024 in Review: The Evolution of CI/CD Security & What's Next
425Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure
426CISA KEV: CVE-2026-1731 — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
427Naming and shaming: How ransomware groups tighten the screws on victims
428Exploitability Isn’t the Answer. Breakability Is.
429The Future of AI Agent Security Is Guardrails
430CISA KEV: CVE-2026-20700 — Apple Multiple Buffer Overflow Vulnerability
431CISA KEV: CVE-2024-43468 — Microsoft Configuration Manager SQL Injection Vulnerability
432CISA KEV: CVE-2025-15556 — Notepad++ Download of Code Without Integrity Check Vulnerability
433CISA KEV: CVE-2025-40536 — SolarWinds Web Help Desk Security Control Bypass Vulnerability
434StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm
435Another npm Supply Chain Attack: The 'is' Package Compromise
436Harden-Runner detection: tj-actions/changed-files action is compromised
437Why Your “Skill Scanner” Is Just False Security (and Maybe Malware)
438How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware
439CISA KEV: CVE-2026-21513 — Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
440CISA KEV: CVE-2026-21525 — Microsoft Windows NULL Pointer Dereference Vulnerability
441CISA KEV: CVE-2026-21533 — Microsoft Windows Improper Privilege Management Vulnerability
442CISA KEV: CVE-2026-21519 — Microsoft Windows Type Confusion Vulnerability
443CISA KEV: CVE-2026-21514 — Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
444280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII
445Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise
446CISA KEV: CVE-2025-11953 — React Native Community CLI OS Command Injection Vulnerability
447CISA KEV: CVE-2026-24423 — SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
448npx Confusion: Packages That Forgot to Claim Their Own Name
449The Prescriptive Path to Operationalizing AI Security
450CISA KEV: CVE-2021-39935 — GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
451CISA KEV: CVE-2025-64328 — Sangoma FreePBX OS Command Injection Vulnerability
452CISA KEV: CVE-2019-19006 — Sangoma FreePBX Improper Authentication Vulnerability
453CISA KEV: CVE-2025-40551 — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
454Snyk Advisor is Reshaping Package Intelligence on Snyk Security Database
455DynoWiper update: Technical analysis and attribution
456CISA KEV: CVE-2026-1281 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
457Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
458CISA KEV: CVE-2026-24858 — Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
459CISA KEV: CVE-2018-14634 — Linux Kernel Integer Overflow Vulnerability
460CISA KEV: CVE-2025-52691 — SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
461CISA KEV: CVE-2026-23760 — SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
462CISA KEV: CVE-2026-24061 — GNU InetUtils Argument Injection Vulnerability
463CISA KEV: CVE-2026-21509 — Microsoft Office Security Feature Bypass Vulnerability
464ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
465CISA KEV: CVE-2024-37079 — Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
466CISA KEV: CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
467CISA KEV: CVE-2025-34026 — Versa Concerto Improper Authentication Vulnerability
468CISA KEV: CVE-2025-31125 — Vite Vitejs Improper Access Control Vulnerability
469CISA KEV: CVE-2025-54313 — Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
470CISA KEV: CVE-2026-20045 — Cisco Unified Communications Products Code Injection Vulnerability
471ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations
472CISA KEV: CVE-2026-20805 — Microsoft Windows Information Disclosure Vulnerability
473CISA KEV: CVE-2025-8110 — Gogs Path Traversal Vulnerability
474Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem)
475Secure by Default: Why Snyk and Augment Code are the New Standard for AI Development
476CISA KEV: CVE-2009-0556 — Microsoft Office PowerPoint Code Injection Vulnerability
477CISA KEV: CVE-2025-37164 — Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability
4782025 in Review: The Evolution of Supply Chain Security & What's Next
479The Holiday Whisper: Shai-Hulud 3.0
480CISA KEV: CVE-2025-14847 — MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
481Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
482CISA KEV: CVE-2023-52163 — Digiever DS-2105 Pro Missing Authorization Vulnerability
483Evo Adds CycloneDX Support to Give Full AI Visibility
484CISA KEV: CVE-2025-14733 — WatchGuard Firebox Out of Bounds Write Vulnerability
485LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
486CISA KEV: CVE-2025-59374 — ASUS Live Update Embedded Malicious Code Vulnerability
487CISA KEV: CVE-2025-40602 — SonicWall SMA1000 Missing Authorization Vulnerability
488CISA KEV: CVE-2025-20393 — Cisco Multiple Products Improper Input Validation Vulnerability
489ESET Threat Report H2 2025
490Old AI Security vs Evo: Watch Agentic Security Replace Weeks of Manual Work
491CISA KEV: CVE-2025-59718 — Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
492Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js
493How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository
494Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised
495Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise
496CISA KEV: CVE-2025-14611 — Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
497CISA KEV: CVE-2025-43529 — Apple Multiple Products Use-After-Free WebKit Vulnerability
498CISA KEV: CVE-2018-4063 — Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
499CISA KEV: CVE-2025-14174 — Google Chromium Out of Bounds Memory Access Vulnerability
500Black Hat Europe 2025: Reputation matters – even in the ransomware economy
501Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
502CISA KEV: CVE-2025-58360 — OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
503How Snyk Helps Federal Agencies Prepare for the Genesis Mission Era of AI-Driven Science
504CISA KEV: CVE-2025-6218 — RARLAB WinRAR Path Traversal Vulnerability
505CISA KEV: CVE-2025-62221 — Microsoft Windows Use After Free Vulnerability
506CISA KEV: CVE-2022-37055 — D-Link Routers Buffer Overflow Vulnerability
507CISA KEV: CVE-2025-66644 — Array Networks ArrayOS AG OS Command Injection Vulnerability
508CISA KEV: CVE-2025-55182 — Meta React Server Components Remote Code Execution Vulnerability
509Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)
510Run AutoMCP To Supercharge Your AI Agent with Libraries MCP Servers
511CISA KEV: CVE-2021-26828 — OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
512MuddyWater: Snakes by the riverbank
513CISA KEV: CVE-2025-48633 — Android Framework Information Disclosure Vulnerability
514CISA KEV: CVE-2025-48572 — Android Framework Privilege Escalation Vulnerability
515CISA KEV: CVE-2021-26829 — OpenPLC ScadaBR Cross-site Scripting Vulnerability
516Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders
517SHA1-Hulud, npm supply chain incident
518Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
519CISA KEV: CVE-2025-61757 — Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
520Why Threat Modeling Is Now Even More Critical for AI-Native Applications
521PlushDaemon compromises network devices for adversary-in-the-middle attacks
522CISA KEV: CVE-2025-13223 — Google Chromium V8 Type Confusion Vulnerability
523CISA KEV: CVE-2025-58034 — Fortinet FortiWeb OS Command Injection Vulnerability
524CISA KEV: CVE-2025-64446 — Fortinet FortiWeb Path Traversal Vulnerability
525Automated Package-Publication Incident IndonesianFoods in the NPM Ecosystem Linked to Crypto Reward-Farming Scam
526CISA KEV: CVE-2025-12480 — Gladinet Triofox Improper Access Control Vulnerability
527CISA KEV: CVE-2025-62215 — Microsoft Windows Race Condition Vulnerability
528CISA KEV: CVE-2025-9242 — WatchGuard Firebox Out-of-Bounds Write Vulnerability
529Secure by Design: The Future of Threat Modeling for AI-Native Applications
530CISA KEV: CVE-2025-21042 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability
531In memoriam: David Harley
532The who, where, and how of APT attacks in Q2 2025–Q3 2025
533ESET APT Activity Report Q2 2025–Q3 2025
534Sharing is scaring: The WhatsApp scam you didn’t see coming
535Snyk Studio brings security scanning and automated fixes to Factory's Droids
536CISA KEV: CVE-2025-48703 — CWP Control Web Panel OS Command Injection Vulnerability
537CISA KEV: CVE-2025-11371 — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
538Ground zero: 5 things to do after discovering a cyberattack
539CISA KEV: CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
540CISA KEV: CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability
541CISA KEV: CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
542CISA KEV: CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability
543CISA KEV: CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
544Why We Built Evo — From My Heart
545CISA KEV: CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability
546CISA KEV: CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability
547CISA KEV: CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
548CISA KEV: CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability
549CISA KEV: CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
550Snyk and Cognition partner to enhance security for AI-native development
551CISA KEV: CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability
552CISA KEV: CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability
553CISA KEV: CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability
554CISA KEV: CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability
555CISA KEV: CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability
556Phishing Campaign Leveraging the NPM Ecosystem
557CISA KEV: CVE-2021-43798 — Grafana Path Traversal Vulnerability
558CISA KEV: CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
559CISA KEV: CVE-2021-22555 — Linux Kernel Heap Out-of-Bounds Write Vulnerability
560CISA KEV: CVE-2010-3962 — Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
561CISA KEV: CVE-2021-43226 — Microsoft Windows Privilege Escalation Vulnerability
562CISA KEV: CVE-2013-3918 — Microsoft Windows Out-of-Bounds Write Vulnerability
563CISA KEV: CVE-2011-3402 — Microsoft Windows Remote Code Execution Vulnerability
564CISA KEV: CVE-2010-3765 — Mozilla Multiple Products Remote Code Execution Vulnerability
565CISA KEV: CVE-2025-61882 — Oracle E-Business Suite Unspecified Vulnerability
566CISA KEV: CVE-2014-6278 — GNU Bash OS Command Injection Vulnerability
567CISA KEV: CVE-2017-1000353 — Jenkins Remote Code Execution Vulnerability
568CISA KEV: CVE-2015-7755 — Juniper ScreenOS Improper Authentication Vulnerability
569CISA KEV: CVE-2025-21043 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability
570CISA KEV: CVE-2025-4008 — Smartbedded Meteobridge Command Injection Vulnerability
571CISA KEV: CVE-2025-32463 — Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
572CISA KEV: CVE-2025-59689 — Libraesva Email Security Gateway Command Injection Vulnerability
573CISA KEV: CVE-2025-10035 — Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
574CISA KEV: CVE-2025-20352 — Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
575CISA KEV: CVE-2021-21311 — Adminer Server-Side Request Forgery Vulnerability
576Malicious MCP Server on npm postmark-mcp Harvests Emails
577CISA KEV: CVE-2025-20362 — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability
578s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware
579CISA KEV: CVE-2025-10585 — Google Chromium V8 Type Confusion Vulnerability
580GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows
581Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack
582CISA KEV: CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
583npm Supply Chain Attack via Open Source maintainer compromise
584What an 'Aha' Moment with an Org Admin Token Taught One DevSecCon Speaker About AI Security
585CISA KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
586CISA KEV: CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability
587CISA KEV: CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
588CISA KEV: CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
589CISA KEV: CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
590CISA KEV: CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
591CISA KEV: CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability
592CISA KEV: CVE-2025-57819 — Sangoma FreePBX Authentication Bypass Vulnerability
593Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident
594CISA KEV: CVE-2025-7775 — Citrix NetScaler Memory Overflow Vulnerability
595CISA KEV: CVE-2025-48384 — Git Link Following Vulnerability
596CISA KEV: CVE-2024-8068 — Citrix Session Recording Improper Privilege Management Vulnerability
597CISA KEV: CVE-2024-8069 — Citrix Session Recording Deserialization of Untrusted Data Vulnerability
598CISA KEV: CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
599CISA KEV: CVE-2025-54948 — Trend Micro Apex One OS Command Injection Vulnerability
600CISA KEV: CVE-2025-8876 — N-able N-Central Command Injection Vulnerability
601CISA KEV: CVE-2025-8875 — N-able N-Central Insecure Deserialization Vulnerability
602CISA KEV: CVE-2025-8088 — RARLAB WinRAR Path Traversal Vulnerability
603CISA KEV: CVE-2007-0671 — Microsoft Office Excel Remote Code Execution Vulnerability
604CISA KEV: CVE-2013-3893 — Microsoft Internet Explorer Resource Management Errors Vulnerability
605Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk
606Snyk Joins CISA's Secure by Design Pledge
607CISA KEV: CVE-2020-25078 — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
608CISA KEV: CVE-2022-40799 — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
609Secure at Inception: Introducing New Tools for Securing AI-Native Development
610CISA KEV: CVE-2023-2533 — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
611CISA KEV: CVE-2025-20337 — Cisco Identity Services Engine Injection Vulnerability
612Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware
613CISA KEV: CVE-2025-2775 — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
614CISA KEV: CVE-2025-6558 — Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
615CISA KEV: CVE-2025-54309 — CrushFTP Unprotected Alternate Channel Vulnerability
616CISA KEV: CVE-2025-49704 — Microsoft SharePoint Code Injection Vulnerability
617Cursor IDE Malware Extension Compromise in $500k Crypto Heist
618CISA KEV: CVE-2025-53770 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
619CISA KEV: CVE-2025-25257 — Fortinet FortiWeb SQL Injection Vulnerability
620CISA KEV: CVE-2025-47812 — Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
621CISA KEV: CVE-2025-5777 — Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
622CISA KEV: CVE-2019-9621 — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
623CISA KEV: CVE-2019-5418 — Rails Ruby on Rails Path Traversal Vulnerability
624CISA KEV: CVE-2016-10033 — PHPMailer Command Injection Vulnerability
625CISA KEV: CVE-2014-3931 — Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
626CISA KEV: CVE-2025-6554 — Google Chromium V8 Type Confusion Vulnerability
627CISA KEV: CVE-2025-48928 — TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
628CISA KEV: CVE-2025-48927 — TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
629CISA KEV: CVE-2025-6543 — Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
630Understanding CRA Compliance: Overcoming Challenges with an Integrated Security Testing Approach
631CISA KEV: CVE-2019-6693 — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
632CISA KEV: CVE-2024-0769 — D-Link DIR-859 Router Path Traversal Vulnerability
633CISA KEV: CVE-2024-54085 — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
634CISA KEV: CVE-2023-0386 — Linux Kernel Improper Ownership Management Vulnerability
635CISA KEV: CVE-2023-33538 — TP-Link Multiple Routers Command Injection Vulnerability
636CISA KEV: CVE-2025-43200 — Apple Multiple Products Unspecified Vulnerability
637Why ANZ Technology Leaders Are Rethinking How AI, Speed, and Security Intersect
638Finding Software Flaws Early in the Development Process Provides Clear ROI
639CISA KEV: CVE-2025-33053 — Microsoft Windows External Control of File Name or Path Vulnerability
640CISA KEV: CVE-2025-24016 — Wazuh Server Deserialization of Untrusted Data Vulnerability
641CISA KEV: CVE-2024-42009 — RoundCube Webmail Cross-Site Scripting Vulnerability
642CISA KEV: CVE-2025-32433 — Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
643CISA KEV: CVE-2025-5419 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
644CISA KEV: CVE-2025-21479 — Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
645CISA KEV: CVE-2025-27038 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
646AI Trust in Action: How Snyk Agent Redefines Secure Development
647CISA KEV: CVE-2021-32030 — ASUS Routers Improper Authentication Vulnerability
648CISA KEV: CVE-2025-3935 — ConnectWise ScreenConnect Improper Authentication Vulnerability
649CISA KEV: CVE-2025-35939 — Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
650CISA KEV: CVE-2024-56145 — Craft CMS Code Injection Vulnerability
651CISA KEV: CVE-2023-39780 — ASUS RT-AX55 Routers OS Command Injection Vulnerability
652Snyk Report shows 88% of CISOs are concerned with current state of U.S. cyber readiness
653CISA KEV: CVE-2025-4632 — Samsung MagicINFO 9 Server Path Traversal Vulnerability
654Security Testing for Single-Page Applications (SPAs)
655CISA KEV: CVE-2023-38950 — ZKTeco BioTime Path Traversal Vulnerability
656CISA KEV: CVE-2024-27443 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
657CISA KEV: CVE-2025-27920 — Srimax Output Messenger Directory Traversal Vulnerability
658CISA KEV: CVE-2024-11182 — MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
659CISA KEV: CVE-2025-4428 — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
660CISA KEV: CVE-2025-42999 — SAP NetWeaver Deserialization Vulnerability
661CISA KEV: CVE-2024-12987 — DrayTek Vigor Routers OS Command Injection Vulnerability
662CISA KEV: CVE-2025-32756 — Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
663CISA KEV: CVE-2025-32709 — Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
664CISA KEV: CVE-2025-30397 — Microsoft Windows Scripting Engine Type Confusion Vulnerability
665CISA KEV: CVE-2025-32706 — Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
666CISA KEV: CVE-2025-30400 — Microsoft Windows DWM Core Library Use-After-Free Vulnerability
667Snyk @ RSAC 2025
668CISA KEV: CVE-2025-47729 — TeleMessage TM SGNL Hidden Functionality Vulnerability
669CISA KEV: CVE-2024-11120 — GeoVision Devices OS Command Injection Vulnerability
670CISA KEV: CVE-2025-27363 — FreeType Out-of-Bounds Write Vulnerability
671Learn About Open Source Security Risks With the New Snyk Learn Learning Path
672CISA KEV: CVE-2025-3248 — Langflow Missing Authentication Vulnerability
673CISA KEV: CVE-2025-34028 — Commvault Command Center Path Traversal Vulnerability
674CISA KEV: CVE-2024-58136 — Yiiframework Yii Improper Protection of Alternate Path Vulnerability
675Secure AI-Generated Code at Speed with Snyk and ServiceNow
676CISA KEV: CVE-2024-38475 — Apache HTTP Server Improper Escaping of Output Vulnerability
677CISA KEV: CVE-2023-44221 — SonicWall SMA100 Appliances OS Command Injection Vulnerability
678CISA KEV: CVE-2025-31324 — SAP NetWeaver Unrestricted File Upload Vulnerability
679Black Hat Asia 2025: My Journey as a Reviewer, Speaker & Community Connector
680CISA KEV: CVE-2025-1976 — Broadcom Brocade Fabric OS Code Injection Vulnerability
681CISA KEV: CVE-2025-42599 — Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
682CISA KEV: CVE-2025-3928 — Commvault Web Server Unspecified Vulnerability
683CISA KEV: CVE-2025-24054 — Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
684CISA KEV: CVE-2025-31201 — Apple Multiple Products Arbitrary Read and Write Vulnerability
685CISA KEV: CVE-2025-31200 — Apple Multiple Products Memory Corruption Vulnerability
686CISA KEV: CVE-2021-20035 — SonicWall SMA100 Appliances OS Command Injection Vulnerability
687CISA KEV: CVE-2024-53150 — Linux Kernel Out-of-Bounds Read Vulnerability
688CISA KEV: CVE-2025-29824 — Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
689CISA KEV: CVE-2025-30406 — Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
690CISA KEV: CVE-2025-31161 — CrushFTP Authentication Bypass Vulnerability
691CISA KEV: CVE-2025-22457 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
692CISA KEV: CVE-2025-24813 — Apache Tomcat Path Equivalence Vulnerability
693CISA KEV: CVE-2024-20439 — Cisco Smart Licensing Utility Static Credential Vulnerability
694CISA KEV: CVE-2025-2783 — Google Chromium Mojo Sandbox Escape Vulnerability
695CISA KEV: CVE-2019-9875 — Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
696CISA KEV: CVE-2025-30154 — reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
697CVE-2025-29927 Authorization Bypass in Next.js Middleware
698CISA KEV: CVE-2017-12637 — SAP NetWeaver Directory Traversal Vulnerability
699CISA KEV: CVE-2024-48248 — NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
700CISA KEV: CVE-2025-1316 — Edimax IC-7100 IP Camera OS Command Injection Vulnerability
701Unburdening Developers From Vulnerability Fatigue with Snyk Delta Findings
702CISA KEV: CVE-2025-30066 — tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
703CISA KEV: CVE-2025-24472 — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
704Reconstructing the TJ Actions Changed Files GitHub Actions Compromise
705CISA KEV: CVE-2025-21590 — Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
706CISA KEV: CVE-2025-24201 — Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
707Snyk Helps Secure the Golang Bento Project
708CISA KEV: CVE-2025-24993 — Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
709CISA KEV: CVE-2025-24991 — Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
710CISA KEV: CVE-2025-24985 — Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
711CISA KEV: CVE-2025-24983 — Microsoft Windows Win32k Use-After-Free Vulnerability
712CISA KEV: CVE-2025-26633 — Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
713CISA KEV: CVE-2024-13161 — Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
714CISA KEV: CVE-2024-57968 — Advantive VeraCore Unrestricted File Upload Vulnerability
715CISA KEV: CVE-2025-25181 — Advantive VeraCore SQL Injection Vulnerability
716Can Snyk Detect JWT Security Issues?
717CISA KEV: CVE-2025-22226 — VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
718CISA KEV: CVE-2025-22225 — VMware ESXi Arbitrary Write Vulnerability
719CISA KEV: CVE-2025-22224 — VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
720CISA KEV: CVE-2024-50302 — Linux Kernel Use of Uninitialized Resource Vulnerability
721CISA KEV: CVE-2024-4885 — Progress WhatsUp Gold Path Traversal Vulnerability
722CISA KEV: CVE-2018-8639 — Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
723CISA KEV: CVE-2022-43769 — Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
724CISA KEV: CVE-2023-20118 — Cisco Small Business RV Series Routers Command Injection Vulnerability
725Solving Security Challenges with Snyk Code and Symbolic AI
726CISA KEV: CVE-2023-34192 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
727CISA KEV: CVE-2024-49035 — Microsoft Partner Center Improper Access Control Vulnerability
728CISA KEV: CVE-2024-20953 — Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
729CISA KEV: CVE-2017-3066 — Adobe ColdFusion Deserialization Vulnerability
730CISA KEV: CVE-2025-24989 — Microsoft Power Pages Improper Access Control Vulnerability
731Snyk’s Fetch the Flag CTF is More Than Just a CTF
732CISA KEV: CVE-2025-0111 — Palo Alto Networks PAN-OS File Read Vulnerability
733CISA KEV: CVE-2025-23209 — Craft CMS Code Injection Vulnerability
734CISA KEV: CVE-2025-0108 — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
735CISA KEV: CVE-2024-53704 — SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
736CISA KEV: CVE-2024-57727 — SimpleHelp Path Traversal Vulnerability
737Do not pass GO - Malicious Package Alert
738CISA KEV: CVE-2025-24200 — Apple iOS and iPadOS Incorrect Authorization Vulnerability
739CISA KEV: CVE-2024-41710 — Mitel SIP Phones Argument Injection Vulnerability
740CISA KEV: CVE-2024-40891 — Zyxel DSL CPE OS Command Injection Vulnerability
741CISA KEV: CVE-2025-21418 — Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
742CISA KEV: CVE-2025-21391 — Microsoft Windows Storage Link Following Vulnerability
743CISA KEV: CVE-2025-0994 — Trimble Cityworks Deserialization Vulnerability
744Consolidate Security Findings with Snyk and Google Security Command Center
745CISA KEV: CVE-2020-15069 — Sophos XG Firewall Buffer Overflow Vulnerability
746CISA KEV: CVE-2020-29574 — CyberoamOS (CROS) SQL Injection Vulnerability
747CISA KEV: CVE-2024-21413 — Microsoft Outlook Improper Input Validation Vulnerability
748CISA KEV: CVE-2022-23748 — Dante Discovery Process Control Vulnerability
749CISA KEV: CVE-2025-0411 — 7-Zip Mark of the Web Bypass Vulnerability
750Creating SBOMs with the Snyk CLI
751CISA KEV: CVE-2024-53104 — Linux Kernel Out-of-Bounds Write Vulnerability
752CISA KEV: CVE-2018-19410 — Paessler PRTG Network Monitor Local File Inclusion Vulnerability
753CISA KEV: CVE-2018-9276 — Paessler PRTG Network Monitor OS Command Injection Vulnerability
754CISA KEV: CVE-2024-29059 — Microsoft .NET Framework Information Disclosure Vulnerability
755CISA KEV: CVE-2024-45195 — Apache OFBiz Forced Browsing Vulnerability
756CISA KEV: CVE-2025-24085 — Apple Multiple Products Use-After-Free Vulnerability
757CISA KEV: CVE-2025-23006 — SonicWall SMA1000 Appliances Deserialization Vulnerability
758CISA KEV: CVE-2020-11023 — JQuery Cross-Site Scripting (XSS) Vulnerability
759Understanding the EU’s Cyber Resilience Act (CRA)
760CISA KEV: CVE-2024-50603 — Aviatrix Controllers OS Command Injection Vulnerability
761Snyk Recognized as Trusted Partner and Innovator by JPMorganChase
762CISA KEV: CVE-2025-21335 — Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
763CISA KEV: CVE-2024-55591 — Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
764CISA KEV: CVE-2023-48365 — Qlik Sense HTTP Tunneling Vulnerability
765CISA KEV: CVE-2024-12686 — BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
766Securing GenAI Development with Snyk
767CISA KEV: CVE-2025-0282 — Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
768CISA KEV: CVE-2020-2883 — Oracle WebLogic Server Unspecified Vulnerability
769CISA KEV: CVE-2024-55550 — Mitel MiCollab Path Traversal Vulnerability
770CISA KEV: CVE-2024-3393 — Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
771Did You Make the *Security* Naughty or Nice List This Year?
772CISA KEV: CVE-2021-44207 — Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability
773CISA KEV: CVE-2024-12356 — BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
774CISA KEV: CVE-2021-40407 — Reolink RLC-410W IP Camera OS Command Injection Vulnerability
775CISA KEV: CVE-2019-11001 — Reolink Multiple IP Cameras OS Command Injection Vulnerability
776CISA KEV: CVE-2022-23227 — NUUO NVRmini2 Devices Missing Authentication Vulnerability
777CISA KEV: CVE-2018-14933 — NUUO NVRmini Devices OS Command Injection Vulnerability
778CISA KEV: CVE-2024-55956 — Cleo Multiple Products Unauthenticated File Upload Vulnerability
779CISA KEV: CVE-2024-35250 — Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
780CISA KEV: CVE-2024-20767 — Adobe ColdFusion Improper Access Control Vulnerability
781CISA KEV: CVE-2024-50623 — Cleo Multiple Products Unrestricted File Upload Vulnerability
782Snyk’s risk-based approach to prioritization
783Ultralytics AI Pwn Request Supply Chain Attack
784CISA KEV: CVE-2024-49138 — Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
785Snyk-Generated SBOMs Now Include License Details for the Open Source Libraries in Your Projects
786CISA KEV: CVE-2024-51378 — CyberPanel Incorrect Default Permissions Vulnerability
7872024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps
788CISA KEV: CVE-2024-11667 — Zyxel Multiple Firewalls Path Traversal Vulnerability
789CISA KEV: CVE-2024-11680 — ProjectSend Improper Authentication Vulnerability
790CISA KEV: CVE-2023-45727 — North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
791Empowering women in security: The impact of mentorship
792Why a solid DevOps foundation is vital for effective DevSecOps
793CISA KEV: CVE-2023-28461 — Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
794CISA KEV: CVE-2024-21287 — Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
795CISA KEV: CVE-2024-44309 — Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
796CISA KEV: CVE-2024-44308 — Apple Multiple Products Code Execution Vulnerability
797CISA KEV: CVE-2024-38813 — VMware vCenter Server Privilege Escalation Vulnerability
798CISA KEV: CVE-2024-38812 — VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
799CISA KEV: CVE-2024-9474 — Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
800CISA KEV: CVE-2024-1212 — Progress Kemp LoadMaster OS Command Injection Vulnerability
801Understanding command injection vulnerabilities in Go
802CISA KEV: CVE-2024-9465 — Palo Alto Networks Expedition SQL Injection Vulnerability
803How ASPM boosts visibility to manage application risk
804CISA KEV: CVE-2021-26086 — Atlassian Jira Server and Data Center Path Traversal Vulnerability
805CISA KEV: CVE-2014-2120 — Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
806CISA KEV: CVE-2021-41277 — Metabase GeoJSON API Local File Inclusion Vulnerability
807CISA KEV: CVE-2024-43451 — Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
808CISA KEV: CVE-2024-49039 — Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
809CISA KEV: CVE-2019-16278 — Nostromo nhttpd Directory Traversal Vulnerability
810CISA KEV: CVE-2024-51567 — CyberPanel Incorrect Default Permissions Vulnerability
811CISA KEV: CVE-2024-43093 — Android Framework Privilege Escalation Vulnerability
812CISA KEV: CVE-2024-5910 — Palo Alto Networks Expedition Missing Authentication Vulnerability
813CISA KEV: CVE-2024-8956 — PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
814Lottie Player npm package compromised for crypto wallet theft
815CISA KEV: CVE-2024-37383 — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
816CISA KEV: CVE-2024-20481 — Cisco ASA and FTD Denial-of-Service Vulnerability
817CISA KEV: CVE-2024-47575 — Fortinet FortiManager Missing Authentication Vulnerability
818CISA KEV: CVE-2024-38094 — Microsoft SharePoint Deserialization Vulnerability
819CISA KEV: CVE-2024-9537 — ScienceLogic SL1 Unspecified Vulnerability
820CISA KEV: CVE-2024-40711 — Veeam Backup and Replication Deserialization Vulnerability
821CISA KEV: CVE-2024-28987 — SolarWinds Web Help Desk Hardcoded Credential Vulnerability
822CISA KEV: CVE-2024-9680 — Mozilla Firefox Use-After-Free Vulnerability
823CISA KEV: CVE-2024-30088 — Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
824Foundations of trust: Securing the future of AI-generated code
825CISA KEV: CVE-2024-9380 — Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
826CISA KEV: CVE-2024-23113 — Fortinet Multiple Products Format String Vulnerability
827CISA KEV: CVE-2024-43573 — Microsoft Windows MSHTML Platform Spoofing Vulnerability
828CISA KEV: CVE-2024-43572 — Microsoft Windows Management Console Remote Code Execution Vulnerability
829CISA KEV: CVE-2024-43047 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
830The mysterious supply chain concern of string-width-cjs npm package
831CISA KEV: CVE-2024-45519 — Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability
832Proactive AppSec continuous vulnerability management for developers and security teams
833CISA KEV: CVE-2024-29824 — Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
834Going beyond reachability to prioritize what matters most
835CISA KEV: CVE-2019-0344 — SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
836CISA KEV: CVE-2020-15415 — DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
837CISA KEV: CVE-2023-25280 — D-Link DIR-820 Router OS Command Injection Vulnerability
838Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System
839Promise queues and batching concurrent tasks in Deno
840Identifying insecure C Code with Valgrind and fixing with Snyk Code
841CISA KEV: CVE-2024-7593 — Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
842CISA KEV: CVE-2024-8963 — Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
843CISA KEV: CVE-2020-14644 — Oracle WebLogic Server Remote Code Execution Vulnerability
844CISA KEV: CVE-2022-21445 — Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
845CISA KEV: CVE-2020-0618 — Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
846CISA KEV: CVE-2024-27348 — Apache HugeGraph-Server Improper Access Control Vulnerability
847Meet Snyk for Government: Our developer security solution with FedRAMP ATO
848CISA KEV: CVE-2014-0502 — Adobe Flash Player Double Free Vulnerablity
849CISA KEV: CVE-2013-0648 — Adobe Flash Player Code Execution Vulnerability
850CISA KEV: CVE-2013-0643 — Adobe Flash Player Incorrect Default Permissions Vulnerability
851Want to avoid a data breach? Employ secrets detection
852CISA KEV: CVE-2024-6670 — Progress WhatsUp Gold SQL Injection Vulnerability
853CISA KEV: CVE-2024-43461 — Microsoft Windows MSHTML Platform Spoofing Vulnerability
854CISA KEV: CVE-2024-8190 — Ivanti Cloud Services Appliance OS Command Injection Vulnerability
855CISA KEV: CVE-2024-38217 — Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability
856CISA KEV: CVE-2024-38014 — Microsoft Windows Installer Improper Privilege Management Vulnerability
857CISA KEV: CVE-2024-40766 — SonicWall SonicOS Improper Access Control Vulnerability
858CISA KEV: CVE-2017-1000253 — Linux Kernel PIE Stack Buffer Corruption Vulnerability
859CISA KEV: CVE-2016-3714 — ImageMagick Improper Input Validation Vulnerability
860What you should know about PHP code security
861CISA KEV: CVE-2024-7262 — Kingsoft WPS Office Path Traversal Vulnerability
862CISA KEV: CVE-2021-20124 — Draytek VigorConnect Path Traversal Vulnerability
863The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
864CISA KEV: CVE-2024-7965 — Google Chromium V8 Inappropriate Implementation Vulnerability
865CISA KEV: CVE-2024-38856 — Apache OFBiz Incorrect Authorization Vulnerability
866A developer’s best friend: Lessons learned from our canine companions about AI code security
867CISA KEV: CVE-2024-7971 — Google Chromium V8 Type Confusion Vulnerability
868CISA KEV: CVE-2024-39717 — Versa Director Dangerous File Type Upload Vulnerability
869Three trends shaping software supply chain security today
870CISA KEV: CVE-2021-31196 — Microsoft Exchange Server Information Disclosure Vulnerability
871CISA KEV: CVE-2022-0185 — Linux Kernel Heap-Based Buffer Overflow Vulnerability
872CISA KEV: CVE-2021-33045 — Dahua IP Camera Authentication Bypass Vulnerability
873CISA KEV: CVE-2024-23897 — Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
874CISA KEV: CVE-2024-28986 — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
875Vulnerabilities in NodeJS C/C++ add-on extensions
876CISA KEV: CVE-2024-38107 — Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
877CISA KEV: CVE-2024-38193 — Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
878CISA KEV: CVE-2024-38213 — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
879CISA KEV: CVE-2024-38178 — Microsoft Windows Scripting Engine Memory Corruption Vulnerability
880CISA KEV: CVE-2024-38189 — Microsoft Project Remote Code Execution Vulnerability
881A security expert’s view on Gartner’s generative AI insights - Part 2
882CISA KEV: CVE-2024-32113 — Apache OFBiz Path Traversal Vulnerability
883CISA KEV: CVE-2024-36971 — Android Kernel Remote Code Execution Vulnerability
884CISA KEV: CVE-2018-0824 — Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
885A denial of service Regex breaks FastAPI security
886CISA KEV: CVE-2024-37085 — VMware ESXi Authentication Bypass Vulnerability
887CISA KEV: CVE-2023-45249 — Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
888CISA KEV: CVE-2024-5217 — ServiceNow Incomplete List of Disallowed Inputs Vulnerability
889CISA KEV: CVE-2024-4879 — ServiceNow Improper Input Validation Vulnerability
890CISA KEV: CVE-2024-39891 — Twilio Authy Information Disclosure Vulnerability
891CISA KEV: CVE-2012-4792 — Microsoft Internet Explorer Use-After-Free Vulnerability
89210 Dimensions of Python Static Analysis
893CISA KEV: CVE-2022-22948 — VMware vCenter Server Incorrect Default File Permissions Vulnerability
894CISA KEV: CVE-2024-28995 — SolarWinds Serv-U Path Traversal Vulnerability
895CISA KEV: CVE-2024-34102 — Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
896CISA KEV: CVE-2024-36401 — OSGeo GeoServer GeoTools Eval Injection Vulnerability
897A stepping stone towards holistic application risk and compliance management of the Digital Operational Resiliency Act (DORA)
898CISA KEV: CVE-2024-23692 — Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
899CISA KEV: CVE-2024-38080 — Microsoft Windows Hyper-V Privilege Escalation Vulnerability
900CISA KEV: CVE-2024-38112 — Microsoft Windows MSHTML Platform Spoofing Vulnerability
901CISA KEV: CVE-2024-20399 — Cisco NX-OS Command Injection Vulnerability
902Polyfill supply chain attack embeds malware in JavaScript CDN assets
903CISA KEV: CVE-2020-13965 — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
904CISA KEV: CVE-2022-2586 — Linux Kernel Use-After-Free Vulnerability
905CISA KEV: CVE-2022-24816 — OSGeo GeoServer JAI-EXT Code Injection Vulnerability
906Finding and fixing exposed hardcoded secrets in your GitHub project with Snyk
907Why ASPM is the future of AppSec: Key points from our newest whitepaper
908Automate security controls from development to production on Google Cloud
909CISA KEV: CVE-2024-4358 — Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
910CISA KEV: CVE-2024-26169 — Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
911CISA KEV: CVE-2024-32896 — Android Pixel Privilege Escalation Vulnerability
912Essential Node.js backend examples for developers in 2024
913CISA KEV: CVE-2024-4577 — PHP-CGI OS Command Injection Vulnerability
914CISA KEV: CVE-2024-4610 — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
915Securing next-gen development: Lessons from Trust Bank and TASConnect
916CISA KEV: CVE-2017-3506 — Oracle WebLogic Server OS Command Injection Vulnerability
917CISA KEV: CVE-2024-1086 — Linux Kernel Use-After-Free Vulnerability
918CISA KEV: CVE-2024-24919 — Check Point Quantum Security Gateways Information Disclosure Vulnerability
91910 modern Node.js runtime features to start using in 2024
920CISA KEV: CVE-2024-4978 — Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
921Fastify plugins as building blocks for a backend Node.js API
922CISA KEV: CVE-2024-5274 — Google Chromium V8 Type Confusion Vulnerability
923CISA KEV: CVE-2020-17519 — Apache Flink Improper Access Control Vulnerability
924Preventing broken access control in express Node.js applications
925CISA KEV: CVE-2024-4947 — Google Chromium V8 Type Confusion Vulnerability
926CISA KEV: CVE-2023-43208 — NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability
927CISA KEV: CVE-2024-4761 — Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
928CISA KEV: CVE-2021-40655 — D-Link DIR-605 Router Information Disclosure Vulnerability
929CISA KEV: CVE-2014-100005 — D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
930Symmetric vs. asymmetric encryption: Practical Python examples
931CISA KEV: CVE-2024-30040 — Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
932CISA KEV: CVE-2024-30051 — Microsoft DWM Core Library Privilege Escalation Vulnerability
933CISA KEV: CVE-2024-4671 — Google Chromium Visuals Use-After-Free Vulnerability
934Integrating Snyk Code SAST results in your ServiceNow workflows
935Snyk AppRisk Pro: A holistic approach to application risk management
936CISA KEV: CVE-2023-7028 — GitLab Community and Enterprise Editions Improper Access Control Vulnerability
937CISA KEV: CVE-2024-29988 — Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
938360 degrees of application security with Snyk
939CISA KEV: CVE-2024-4040 — CrushFTP VFS Sandbox Escape Vulnerability
940CISA KEV: CVE-2024-20359 — Cisco ASA and FTD Privilege Escalation Vulnerability
941CISA KEV: CVE-2022-38028 — Microsoft Windows Print Spooler Privilege Escalation Vulnerability
942Building an npm package compatible with ESM and CJS in 2024
943How SAS secures their AI-generated code
944CISA KEV: CVE-2024-3400 — Palo Alto Networks PAN-OS Command Injection Vulnerability
945Nine Docker pro tips for Node.js developers
946CISA KEV: CVE-2024-3273 — D-Link Multiple NAS Devices Command Injection Vulnerability
947Exploiting HTTP/2 CONTINUATION frames for DoS attacks
948CISA KEV: CVE-2024-29748 — Android Pixel Privilege Escalation Vulnerability
949CISA KEV: CVE-2024-29745 — Android Pixel Information Disclosure Vulnerability
950The XZ backdoor CVE-2024-3094
951Securing your SBOM on Google Cloud
952How Snyk ensures safe adoption of AI
953CISA KEV: CVE-2023-24955 — Microsoft SharePoint Server Code Injection Vulnerability
954CISA KEV: CVE-2019-7256 — Nice Linear eMerge E3-Series OS Command Injection Vulnerability
955CISA KEV: CVE-2021-44529 — Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
956CISA KEV: CVE-2023-48788 — Fortinet FortiClient EMS SQL Injection Vulnerability
957Snyk's AppSec dream team
958Snyk users don't have to worry about NVD delays
959GitHub “besieged” by malware repositories and repo confusion: Why you'll be ok
960AppSec Maturity Models
961CISA KEV: CVE-2024-27198 — JetBrains TeamCity Authentication Bypass Vulnerability
962Snyk Learn and the NIST Cybersecurity Framework (CSF)
963CISA KEV: CVE-2024-23225 — Apple Multiple Products Memory Corruption Vulnerability
964CISA KEV: CVE-2023-21237 — Android Pixel Information Disclosure Vulnerability
965CISA KEV: CVE-2021-36380 — Sunhillo SureLine OS Command Injection Vulnerablity
966CISA KEV: CVE-2024-21338 — Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
967Defense in Depth
968CISA KEV: CVE-2023-29360 — Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
9695 Node.js security code snippets every backend developer should know
970CISA KEV: CVE-2024-1709 — ConnectWise ScreenConnect Authentication Bypass Vulnerability
971Preventing server-side request forgery in Node.js applications
972Preventing SQL injection attacks in Node.js
973CISA KEV: CVE-2020-3259 — Cisco ASA and FTD Information Disclosure Vulnerability
974CISA KEV: CVE-2024-21410 — Microsoft Exchange Server Privilege Escalation Vulnerability
975Reporting AppSec risk up to your CISO
976CISA KEV: CVE-2024-21412 — Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
977CISA KEV: CVE-2023-43770 — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
978CISA KEV: CVE-2024-21762 — Fortinet FortiOS Out-of-Bound Write Vulnerability
979CISA KEV: CVE-2023-4762 — Google Chromium V8 Type Confusion Vulnerability
980CISA KEV: CVE-2022-48618 — Apple Multiple Products Memory Corruption Vulnerability
981CISA KEV: CVE-2024-21893 — Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
982CISA KEV: CVE-2023-22527 — Atlassian Confluence Data Center and Server Template Injection Vulnerability
983The 4 best DevSecOps tools for a secure DevOps workflow
984CISA KEV: CVE-2024-23222 — Apple Multiple Products WebKit Type Confusion Vulnerability
985CISA KEV: CVE-2023-34048 — VMware vCenter Server Out-of-Bounds Write Vulnerability
986New Year's security resolutions for 2024 from Snyk DevRel, SecRel, and friends
987Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)
988CISA KEV: CVE-2023-35082 — Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
989CISA KEV: CVE-2024-0519 — Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
990CISA KEV: CVE-2023-6549 — Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
991Snyk welcomes Helios, accelerating our ASPM vision with runtime insights
992CISA KEV: CVE-2018-15133 — Laravel Deserialization of Untrusted Data Vulnerability
993CISA KEV: CVE-2023-29357 — Microsoft SharePoint Server Privilege Escalation Vulnerability
994CISA KEV: CVE-2023-46805 — Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
995CISA KEV: CVE-2023-23752 — Joomla! Improper Access Control Vulnerability
996CISA KEV: CVE-2016-20017 — D-Link DSL-2750B Devices Command Injection Vulnerability
997CISA KEV: CVE-2023-41990 — Apple Multiple Products Code Execution Vulnerability
998CISA KEV: CVE-2023-27524 — Apache Superset Insecure Default Initialization of Resource Vulnerability
999CISA KEV: CVE-2023-29300 — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
1000Build and deploy a Node.js security scanning API to Platformatic Cloud
1001Krampus delivers an end-of-year Struts vulnerability
1002Kroger’s approach to supply chain security
1003CISA KEV: CVE-2023-7101 — Spreadsheet::ParseExcel Remote Code Execution Vulnerability
1004CISA KEV: CVE-2023-7024 — Google Chromium WebRTC Heap Buffer Overflow Vulnerability
1005Command injection in Python: examples and prevention
1006CISA KEV: CVE-2023-49897 — FXC AE1021, AE1021PE OS Command Injection Vulnerability
1007CISA KEV: CVE-2023-47565 — QNAP VioStor NVR OS Command Injection Vulnerability
1008Common SAML vulnerabilities and how to remediate them
1009Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?
1010Snyk named as a top cybersecurity company in inaugural Fortune Cyber 60 2023 list
1011Three reasons to invest in an ASPM solution in 2024
1012Snyk recognized as an Emerging Segment Leader in Application Security in Snowflake's Next Generation of Cybersecurity Applications report
1013CISA KEV: CVE-2023-6448 — Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
1014CISA KEV: CVE-2023-41266 — Qlik Sense Path Traversal Vulnerability
1015CISA KEV: CVE-2023-41265 — Qlik Sense HTTP Tunneling Vulnerability
1016Code injection in Python: examples and prevention
1017CISA KEV: CVE-2023-33107 — Qualcomm Multiple Chipsets Integer Overflow Vulnerability
1018CISA KEV: CVE-2023-33106 — Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
1019CISA KEV: CVE-2023-42917 — Apple Multiple Products WebKit Memory Corruption Vulnerability
1020Snyk Fetch the Flag CTF 2023 writeup: Off the SETUID
1021Snyk Fetch the Flag CTF 2023 writeup: Honey Baked Messages
1022Snyk Fetch the Flag CTF 2023 writeup: Protect The Environment
1023CISA KEV: CVE-2023-6345 — Google Skia Integer Overflow Vulnerability
1024CISA KEV: CVE-2023-49103 — ownCloud graphapi Information Disclosure Vulnerability
1025Nightfall AI and Snyk unite to deliver AI-powered secrets scanning for developers
1026Exploring WebExtension security vulnerabilities in React Developer Tools and Vue.js devtools
1027File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques
1028CISA KEV: CVE-2023-4911 — GNU C Library Buffer Overflow Vulnerability
1029Snyk Apps now GA: An easy, standardized, and secure framework for building custom integrations
1030CISA KEV: CVE-2023-36584 — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
1031CISA KEV: CVE-2023-1671 — Sophos Web Appliance Command Injection Vulnerability
1032CISA KEV: CVE-2020-2551 — Oracle Fusion Middleware Unspecified Vulnerability
1033CISA KEV: CVE-2023-36033 — Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
1034CISA KEV: CVE-2023-36025 — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
1035CISA KEV: CVE-2023-36036 — Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
1036CISA KEV: CVE-2023-47246 — SysAid Server Path Traversal Vulnerability
1037CISA KEV: CVE-2023-36844 — Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
1038CISA KEV: CVE-2023-36846 — Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
1039Real-time threat protection with Snyk and SentinelOne
1040CISA KEV: CVE-2023-29552 — Service Location Protocol (SLP) Denial-of-Service Vulnerability
1041Secure your software supply chain with the new Snyk Vulnerability Intelligence for SBOM ServiceNow integration
1042CISA KEV: CVE-2023-22518 — Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
1043Asset-first application security: What is it and how can it help
1044What does Biden's Executive Order on AI safety measures mean for businesses?
1045CISA KEV: CVE-2023-46604 — Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
1046Dependency injection in Python
1047CISA KEV: CVE-2023-46748 — F5 BIG-IP Configuration Utility SQL Injection Vulnerability
1048The art of conditional rendering: Tips and tricks for React and Next.js developers
1049CISA KEV: CVE-2023-5631 — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
1050Weak Hash vulnerability discovered in crypto-js and crypto-es (CVE-2023-46233 & CVE-2023-46133)
1051Adding Snyk security to Jira and Bitbucket Cloud
1052CISA KEV: CVE-2023-20273 — Cisco IOS XE Web UI Command Injection Vulnerability
1053CISA KEV: CVE-2023-4966 — Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
1054CISA KEV: CVE-2023-20198 — Cisco IOS XE Web UI Privilege Escalation Vulnerability
1055Installing and managing Java on macOS
1056Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487
1057Cybersecurity Venture’s 2023 Software Supply Chain Attack Report
1058CISA KEV: CVE-2023-21608 — Adobe Acrobat and Reader Use-After-Free Vulnerability
1059CISA KEV: CVE-2023-20109 — Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
1060CISA KEV: CVE-2023-41763 — Microsoft Skype for Business Privilege Escalation Vulnerability
1061CISA KEV: CVE-2023-36563 — Microsoft WordPad Information Disclosure Vulnerability
1062CISA KEV: CVE-2023-44487 — HTTP/2 Rapid Reset Attack Vulnerability
1063CISA KEV: CVE-2023-22515 — Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
1064CISA KEV: CVE-2023-40044 — Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
1065CISA KEV: CVE-2023-42824 — Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
1066High severity vulnerability found in libcurl and curl (CVE-2023-38545)
1067CISA KEV: CVE-2023-42793 — JetBrains TeamCity Authentication Bypass Vulnerability
1068CISA KEV: CVE-2023-28229 — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
1069CISA KEV: CVE-2023-4211 — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
1070Modern VS Code extension development tutorial: Building a secure extension
1071CISA KEV: CVE-2023-5217 — Google Chromium libvpx Heap Buffer Overflow Vulnerability
1072Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem
1073CISA KEV: CVE-2018-14667 — Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
1074Signing container images: Comparing Sigstore, Notary, and Docker Content Trust
1075CISA KEV: CVE-2023-41991 — Apple Multiple Products Improper Certificate Validation Vulnerability
1076CISA KEV: CVE-2023-41992 — Apple Multiple Products Kernel Privilege Escalation Vulnerability
1077CISA KEV: CVE-2023-41993 — Apple Multiple Products WebKit Code Execution Vulnerability
1078CISA KEV: CVE-2023-41179 — Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
1079Developer-first supply chain security
1080CISA KEV: CVE-2023-28434 — MinIO Security Feature Bypass Vulnerability
1081CISA KEV: CVE-2022-22265 — Samsung Mobile Devices Use-After-Free Vulnerability
1082CISA KEV: CVE-2014-8361 — Realtek SDK Improper Input Validation Vulnerability
1083CISA KEV: CVE-2017-6884 — Zyxel EMG2926 Routers Command Injection Vulnerability
1084CISA KEV: CVE-2021-3129 — Laravel Ignition File Upload Vulnerability
1085Modern VS Code extension development: The basics
1086CISA KEV: CVE-2023-26369 — Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
1087Security implications of cross-origin resource sharing (CORS) in Node.js
1088CISA KEV: CVE-2023-35674 — Android Framework Privilege Escalation Vulnerability
1089CISA KEV: CVE-2023-20269 — Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
1090CISA KEV: CVE-2023-4863 — Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
1091A guide to input validation with Spring Boot
1092CISA KEV: CVE-2023-36761 — Microsoft Word Information Disclosure Vulnerability
1093CISA KEV: CVE-2023-36802 — Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
1094CISA KEV: CVE-2023-41064 — Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
1095Top considerations for addressing risks in the OWASP Top 10 for LLMs
1096CISA KEV: CVE-2023-33246 — Apache RocketMQ Command Execution Vulnerability
1097Node.js vs. Deno vs. Bun: Performance & JavaScript Runtime Comparison
1098Using JLink to create smaller Docker images for your Spring Boot Java application
1099CISA KEV: CVE-2023-38831 — RARLAB WinRAR Code Execution Vulnerability
1100CISA KEV: CVE-2023-32315 — Ignite Realtime Openfire Path Traversal Vulnerability
1101CISA KEV: CVE-2023-38035 — Ivanti Sentry Authentication Bypass Vulnerability
1102CISA KEV: CVE-2023-27532 — Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
1103CISA KEV: CVE-2023-26359 — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
1104What are AI hallucinations and why should developers care?
1105CISA KEV: CVE-2023-24489 — Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
1106CodeSecDays conference and more complete security coverage with GitGuardian
1107Manage security issues in Jira with Snyk Security in Jira Cloud
1108.NET developers alert: Moq NuGET package exfiltrates user emails from git
1109CISA KEV: CVE-2023-38180 — Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
1110Mitigating DOM clobbering attacks in JavaScript
1111CISA KEV: CVE-2017-18368 — Zyxel P660HN-T1A Routers Command Injection Vulnerability
1112Software Supply Chain Security Tools: Types, Features & Considerations
1113How Snyk can help secure supply chains per "A Guide to Implementing the Software Bill of Materials (SBOM) for Software Management" by Japan's METI
1114Implementing TLS in Kubernetes
1115CISA KEV: CVE-2023-35081 — Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
1116Control your role! Kubernetes RBAC explored
1117CISA KEV: CVE-2023-37580 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
1118Snyk's 2023 State of Open Source Security: Supply chain security, AI, and more
1119CISA KEV: CVE-2023-38606 — Apple Multiple Products Kernel Unspecified Vulnerability
1120CISA KEV: CVE-2023-35078 — Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
1121CISA KEV: CVE-2023-29298 — Adobe ColdFusion Improper Access Control Vulnerability
1122Finding and fixing insecure direct object references in Python
1123CISA KEV: CVE-2023-3519 — Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
1124Swift deserialization security primer
1125XS leaks: What they are and how to avoid them
1126CISA KEV: CVE-2023-36884 — Microsoft Windows Search Remote Code Execution Vulnerability
1127CISA KEV: CVE-2022-29303 — SolarView Compact Command Injection Vulnerability
1128CISA KEV: CVE-2023-37450 — Apple Multiple Products WebKit Code Execution Vulnerability
1129CISA KEV: CVE-2023-32046 — Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
1130CISA KEV: CVE-2023-32049 — Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
1131CISA KEV: CVE-2022-31199 — Netwrix Auditor Insecure Object Deserialization Vulnerability
1132CISA KEV: CVE-2021-29256 — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
1133Building a security-conscious CI/CD pipeline
1134The importance of verifying webhook signatures
1135CISA KEV: CVE-2019-17621 — D-Link DIR-859 Router Command Execution Vulnerability
1136CISA KEV: CVE-2019-20500 — D-Link DWL-2600AP Access Point Command Injection Vulnerability
1137CISA KEV: CVE-2021-25487 — Samsung Mobile Devices Out-of-Bounds Read Vulnerability
1138CISA KEV: CVE-2021-25489 — Samsung Mobile Devices Improper Input Validation Vulnerability
1139CISA KEV: CVE-2021-25372 — Samsung Mobile Devices Improper Boundary Check Vulnerability
1140Using insecure npm package manager defaults to steal your macOS keyboard shortcuts
1141CISA KEV: CVE-2023-32434 — Apple Multiple Products Integer Overflow Vulnerability
1142CISA KEV: CVE-2023-32435 — Apple Multiple Products WebKit Memory Corruption Vulnerability
1143CISA KEV: CVE-2023-20867 — VMware Tools Authentication Bypass Vulnerability
1144CISA KEV: CVE-2023-27992 — Zyxel Multiple NAS Devices Command Injection Vulnerability
1145CISA KEV: CVE-2023-20887 — VMware Aria Operations for Networks Command Injection Vulnerability
1146CISA KEV: CVE-2020-35730 — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
1147CISA KEV: CVE-2020-12641 — Roundcube Webmail Remote Code Execution Vulnerability
1148CISA KEV: CVE-2021-44026 — Roundcube Webmail SQL Injection Vulnerability
1149CISA KEV: CVE-2016-9079 — Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
1150CISA KEV: CVE-2016-0165 — Microsoft Win32k Privilege Escalation Vulnerability
1151SnakeYaml 2.0: Solving the unsafe deserialization vulnerability
1152The SecurityManager is getting removed in Java: What that means for you
1153Snyk named a Leader, placed highest in Strategy category in The Forrester Wave: Software Composition Analysis (SCA), Q2 2023 report
1154CISA KEV: CVE-2023-27997 — Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
1155Snyk welcomes Enso: Enabling security leaders to scale their AppSec program with ASPM
1156Reduce risk to your supply chain with a software bill of materials (SBOM)
1157SnykLaunch June '23: Insights and DeepCode AI enable faster fixes and prioritization
1158What can you do with an enriched SBOM? A parlay quickstart guide
1159CISA KEV: CVE-2023-3079 — Google Chromium V8 Type Confusion Vulnerability
1160Ethical hacking techniques
1161A day in the life of an ethical hacker
1162CISA KEV: CVE-2023-33009 — Zyxel Multiple Firewalls Buffer Overflow Vulnerability
1163CISA KEV: CVE-2023-34362 — Progress MOVEit Transfer SQL Injection Vulnerability
1164Ethical Hacking: Top Tools
1165A quick primer on LDAP injection
1166CISA KEV: CVE-2023-28771 — Zyxel Multiple Firewalls OS Command Injection Vulnerability
1167CISA KEV: CVE-2023-2868 — Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
1168Data loss prevention for developers
1169CISA KEV: CVE-2023-32409 — Apple Multiple Products WebKit Sandbox Escape Vulnerability
1170CISA KEV: CVE-2023-32373 — Apple Multiple Products WebKit Use-After-Free Vulnerability
1171Setting up the Docker image scan GitHub Action
1172CISA KEV: CVE-2004-1464 — Cisco IOS Denial-of-Service Vulnerability
1173CISA KEV: CVE-2016-6415 — Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
1174CISA KEV: CVE-2023-21492 — Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
1175Security success in the Bay Area with Slack
1176Snyk and ServiceNow collaborate on new SBOM solution
1177CISA KEV: CVE-2023-25717 — Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
1178CISA KEV: CVE-2021-3560 — Red Hat Polkit Incorrect Authorization Vulnerability
1179CISA KEV: CVE-2014-0196 — Linux Kernel Race Condition Vulnerability
1180CISA KEV: CVE-2010-3904 — Linux Kernel Improper Input Validation Vulnerability
1181CISA KEV: CVE-2015-5317 — Jenkins User Interface (UI) Information Disclosure Vulnerability
1182CISA KEV: CVE-2016-3427 — Oracle Java SE and JRockit Unspecified Vulnerability
1183Snyk named to CNBC 2023 Disruptor 50 List
1184Secure JavaScript URL validation
1185CISA KEV: CVE-2023-29336 — Microsoft Win32K Privilege Escalation Vulnerability
1186Three considerations for building an effective security program
1187Security implications of HTTP response headers
1188CISA KEV: CVE-2023-1389 — TP-Link Archer AX-21 Command Injection Vulnerability
1189CISA KEV: CVE-2021-45046 — Apache Log4j2 Deserialization of Untrusted Data Vulnerability
1190CISA KEV: CVE-2023-21839 — Oracle WebLogic Server Unspecified Vulnerability
1191Lessons from OpenSSL vulnerabilities part 2: Finding and fixing supply chain vulnerabilities
1192API Security Guide
1193CISA KEV: CVE-2023-28432 — MinIO Information Disclosure Vulnerability
1194CISA KEV: CVE-2023-27350 — PaperCut MF/NG Improper Access Control Vulnerability
1195CISA KEV: CVE-2023-2136 — Google Chrome Skia Integer Overflow Vulnerability
1196Lessons from OpenSSL vulnerabilities part 1: Preparing your supply chain for the next critical vulnerability
1197CISA KEV: CVE-2017-6742 — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
1198Preventing insecure deserialization in Node.js
1199CISA KEV: CVE-2019-8526 — Apple macOS Use-After-Free Vulnerability
1200CISA KEV: CVE-2023-2033 — Google Chromium V8 Type Confusion Vulnerability
1201Snyk’s Evolution: A Message From CEO Peter McKay
1202CISA KEV: CVE-2023-20963 — Android Framework Privilege Escalation Vulnerability
1203CISA KEV: CVE-2023-29492 — Novi Survey Insecure Deserialization Vulnerability
1204CISA KEV: CVE-2023-28252 — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
1205New IaC security workshop from Snyk, HashiCorp, and AWS at KubeCon Europe 2023 and on-demand
1206CISA KEV: CVE-2023-28205 — Apple Multiple Products WebKit Use-After-Free Vulnerability
1207CISA KEV: CVE-2023-28206 — Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
1208CISA KEV: CVE-2021-27876 — Veritas Backup Exec Agent File Access Vulnerability
1209CISA KEV: CVE-2021-27878 — Veritas Backup Exec Agent Command Execution Vulnerability
1210CISA KEV: CVE-2019-1388 — Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
1211CISA KEV: CVE-2023-26083 — Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
1212Timing out synchronous functions with regex
1213How Snyk uses AI in developer security
1214SnykLaunch April '23: C/C++ expansion, cloud and IaC updates, custom container security, new integrations, and more
1215CISA KEV: CVE-2022-27926 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
1216Data leak in the Netherlands: What developers should learn from this
1217CISA KEV: CVE-2013-3163 — Microsoft Internet Explorer Memory Corruption Vulnerability
1218CISA KEV: CVE-2017-7494 — Samba Remote Code Execution Vulnerability
1219CISA KEV: CVE-2022-42948 — Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
1220CISA KEV: CVE-2022-39197 — Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability
1221CISA KEV: CVE-2021-30900 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
1222CISA KEV: CVE-2022-38181 — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
1223CISA KEV: CVE-2023-0266 — Linux Kernel Use-After-Free Vulnerability
1224CISA KEV: CVE-2022-3038 — Google Chromium Network Service Use-After-Free Vulnerability
1225Avoiding mass assignment vulnerabilities in Node.js
1226Securing the web (forward)
1227The rising trend of malicious packages in open source ecosystems
1228PulseMeter Report: Software supply chains
1229Securing the digital future: Reviewing the Biden-Harris administration's National Cybersecurity Strategy
1230The Docker project turns 10! Looking back at a decade of containers
1231New language-specific Snyk Top 10 for open source vulnerabilities
1232CISA KEV: CVE-2023-26360 — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
1233CISA KEV: CVE-2023-23397 — Microsoft Office Outlook Privilege Escalation Vulnerability
1234CISA KEV: CVE-2023-24880 — Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
1235CISA KEV: CVE-2022-41328 — Fortinet FortiOS Path Traversal Vulnerability
1236Preventing XSS in Django
1237CISA KEV: CVE-2021-39144 — XStream Remote Code Execution Vulnerability
1238CISA KEV: CVE-2020-5741 — Plex Media Server Remote Code Execution Vulnerability
1239Comparing Node.js web frameworks: Which is most secure?
1240CISA KEV: CVE-2022-28810 — Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
1241CISA KEV: CVE-2022-33891 — Apache Spark Command Injection Vulnerability
1242CISA KEV: CVE-2022-35914 — Teclib GLPI Remote Code Execution Vulnerability
1243Mitigating path traversal vulns in Java with Snyk Code
1244Snyk in 30: Developer-first security democast
1245Cybersecurity Hygiene 101
1246API authentication vulnerability found in Snyk Kubernetes integration (CVE-2023-1065)
1247Node.js multithreading with worker threads: pros and cons
1248CISA KEV: CVE-2022-36537 — ZK Framework AuUploader Unspecified Vulnerability
1249Finding YAML Deserialization with Snyk Code
1250The security concerns of a JavaScript sandbox with the Node.js VM module
1251Building Vue 3 components with Tailwind CSS
1252CISA KEV: CVE-2022-47986 — IBM Aspera Faspex Code Execution Vulnerability
1253CISA KEV: CVE-2022-41223 — Mitel MiVoice Connect Code Injection Vulnerability
1254CISA KEV: CVE-2022-46169 — Cacti Command Injection Vulnerability
1255When software isn’t a “supply”
1256CISA KEV: CVE-2023-21715 — Microsoft Office Publisher Security Feature Bypass Vulnerability
1257CISA KEV: CVE-2023-23376 — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
1258CISA KEV: CVE-2023-23529 — Apple Multiple Products WebKit Type Confusion Vulnerability
1259CISA KEV: CVE-2023-21823 — Microsoft Windows Graphic Component Privilege Escalation Vulnerability
1260CISA KEV: CVE-2015-2291 — Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
1261CISA KEV: CVE-2022-24990 — TerraMaster OS Remote Command Execution Vulnerability
1262CISA KEV: CVE-2023-0669 — Fortra GoAnywhere MFT Remote Code Execution Vulnerability
1263CSPRNG: Random algorithms need security too!
1264CISA KEV: CVE-2022-21587 — Oracle E-Business Suite Unspecified Vulnerability
1265CISA KEV: CVE-2023-22952 — Multiple SugarCRM Products Remote Code Execution Vulnerability
1266Adding security to Nuxt 3
1267CISA KEV: CVE-2017-11357 — Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
1268Snyk enhances ServiceNow with comprehensive insights into vulnerabilities in open source software
1269CISA KEV: CVE-2022-47966 — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
1270CISA KEV: CVE-2022-44877 — CWP Control Web Panel OS Command Injection Vulnerability
1271New year ushers in new wave of Snyk Technology Alliance Partner Program members
1272Three ways Snyk made software supply chains more secure in 2022
1273OSPO security evolution: The Kübler-Ross Model of open source
1274Snyk's AppSec journey in 2022
1275CISA KEV: CVE-2022-41080 — Microsoft Exchange Server Privilege Escalation Vulnerability
1276CISA KEV: CVE-2023-21674 — Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
1277Bolstering Snyk's developer security platform in 2022
1278Supply chain security incident at CircleCI: Rotate your secrets
1279You should be using HTTP Strict Transport Security (HSTS) headers in your Node.js server
1280CISA KEV: CVE-2018-5430 — TIBCO JasperReports Server Information Disclosure Vulnerability
1281CISA KEV: CVE-2018-18809 — TIBCO JasperReports Library Directory Traversal Vulnerability
12825 "no experience needed" tips for building secure applications
1283Cloud security updates you need to know from re:Invent 2022
1284Building an application security battle plan: Home Alone edition
1285Exploring the Spring Security authorization bypass (CVE-2022-31692)
1286Snyk in 30: Open source security for Atlassian Bitbucket Cloud
1287Top takeaways from re:Invent 2022
1288Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)
1289CISA KEV: CVE-2022-42856 — Apple iOS Type Confusion Vulnerability
1290Azure Bicep security fundamentals
1291CISA KEV: CVE-2022-42475 — Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
1292CISA KEV: CVE-2022-44698 — Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
1293CISA KEV: CVE-2022-27518 — Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
1294CISA KEV: CVE-2022-26500 — Veeam Backup & Replication Remote Code Execution Vulnerability
1295Using Snyk reporting for data-driven security
1296Why tool consolidation matters for developer security
1297CISA KEV: CVE-2022-4262 — Google Chromium V8 Type Confusion Vulnerability
1298Code injection vulnerabilities (CVSSv3 5.8) found in Snyk CLI and IDE plugins
1299CISA KEV: CVE-2021-35587 — Oracle Fusion Middleware Unspecified Vulnerability
1300CISA KEV: CVE-2022-4135 — Google Chromium GPU Heap Buffer Overflow Vulnerability
1301Setting up SSL/TLS for Kubernetes Ingress
1302Dependency injection in JavaScript
1303How Atlassian used Snyk to solve Log4Shell
1304CISA KEV: CVE-2022-41049 — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
1305Fetch the Flag CTF 2022 writeup: Disposable Message
1306Fetch the Flag CTF 2022 writeup: Not So Smart Fridge
1307Fetch the Flag CTF 2022 writeup: Treasure Trove
1308Fetch the Flag CTF 2022 writeup: Moongoose
1309Fetch the Flag CTF 2022 writeup: File Explorer
1310NPM security: preventing supply chain attacks
1311CISA KEV: CVE-2022-41091 — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
1312CISA KEV: CVE-2022-41073 — Microsoft Windows Print Spooler Privilege Escalation Vulnerability
1313CISA KEV: CVE-2022-41125 — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
1314CISA KEV: CVE-2022-41128 — Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
1315CISA KEV: CVE-2021-25337 — Samsung Mobile Devices Improper Access Control Vulnerability
1316Key points from Google and Accenture's ransomware white paper
1317A day in the life of a CISO: Chris Hughes of Aquia
1318Secure Python URL validation
1319Update: OpenSSL high severity vulnerabilities
1320Ruby on Rails Docker for local development environment
1321New OpenSSL critical vulnerability: What you need to know
1322CISA KEV: CVE-2022-3723 — Google Chromium V8 Type Confusion Vulnerability
1323Understanding DNS attacks: Identifying and patching vulnerabilities
1324Node.js multithreading with worker threads series: worker_threads tutorial
1325CISA KEV: CVE-2022-42827 — Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
1326CISA KEV: CVE-2020-3433 — Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
1327CISA KEV: CVE-2018-19323 — GIGABYTE Multiple Products Privilege Escalation Vulnerability
1328CISA KEV: CVE-2018-19320 — GIGABYTE Multiple Products Unspecified Vulnerability
1329CISA KEV: CVE-2022-41352 — Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
1330CISA KEV: CVE-2021-3493 — Linux Kernel Privilege Escalation Vulnerability
1331SREs bring ORDER(R) to CHAOS
1332Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text
1333Cloud security fundamentals part 2: Prevention and secure design
1334Improving code quality with linting in Python
1335CISA KEV: CVE-2022-40684 — Fortinet Multiple Products Authentication Bypass Vulnerability
1336CISA KEV: CVE-2022-41033 — Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
1337Container images simplified with Ko
1338Cloud security fundamentals part 1: Know your environment
1339Command injection vulnerability in Snyk CLI released prior to September 1, 2022 (older than v1.996.0)
1340Choosing the best Node.js Docker image
1341CISA KEV: CVE-2022-41082 — Microsoft Exchange Server Remote Code Execution Vulnerability
1342CISA KEV: CVE-2022-36804 — Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
1343CISA KEV: CVE-2022-3236 — Sophos Firewall Code Injection Vulnerability
1344CISA KEV: CVE-2022-35405 — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
1345Avoiding SMTP Injection: A Whitebox primer
1346CISA KEV: CVE-2022-40139 — Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
1347CISA KEV: CVE-2013-6282 — Linux Kernel Improper Input Validation Vulnerability
1348CISA KEV: CVE-2013-2597 — Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability
1349CISA KEV: CVE-2013-2596 — Linux Kernel Integer Overflow Vulnerability
1350CISA KEV: CVE-2013-2094 — Linux Kernel Privilege Escalation Vulnerability
1351CISA KEV: CVE-2010-2568 — Microsoft Windows Remote Code Execution Vulnerability
1352CISA KEV: CVE-2022-37969 — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
1353CISA KEV: CVE-2022-32917 — Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
1354How Spotify uses Snyk to secure the SDLC
1355How Onna Technologies uses Snyk & Sysdig to secure the SDLC while saving time and money
1356CISA KEV: CVE-2022-3075 — Google Chromium Mojo Insufficient Data Validation Vulnerability
1357CISA KEV: CVE-2022-27593 — QNAP Photo Station Externally Controlled Reference Vulnerability
1358CISA KEV: CVE-2022-26258 — D-Link DIR-820L Remote Code Execution Vulnerability
1359CISA KEV: CVE-2020-9934 — Apple iOS, iPadOS, and macOS Input Validation Vulnerability
1360CISA KEV: CVE-2018-7445 — MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
1361CISA KEV: CVE-2018-6530 — D-Link Multiple Routers OS Command Injection Vulnerability
1362CISA KEV: CVE-2018-2628 — Oracle WebLogic Server Unspecified Vulnerability
1363CISA KEV: CVE-2018-13374 — Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
1364CISA KEV: CVE-2017-5521 — NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
1365CISA KEV: CVE-2011-4723 — D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
1366CISA KEV: CVE-2011-1823 — Android OS Privilege Escalation Vulnerability
1367Cloud Security at Blackhat and Defcon 2022
1368Response to the Enduring Security Framework (ESF) Guide for Developers
1369The npm faker package and the unexpected demise of open source libraries
1370Solve Hack the Box and other CTF challenges with Snyk
1371Building a secure API with gRPC
1372CISA KEV: CVE-2022-26352 — dotCMS Unrestricted Upload of File Vulnerability
1373CISA KEV: CVE-2022-24706 — Apache CouchDB Insecure Default Initialization of Resource Vulnerability
1374CISA KEV: CVE-2022-24112 — Apache APISIX Authentication Bypass Vulnerability
1375CISA KEV: CVE-2022-22963 — VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
1376CISA KEV: CVE-2022-2294 — WebRTC Heap Buffer Overflow Vulnerability
1377CISA KEV: CVE-2021-39226 — Grafana Authentication Bypass Vulnerability
1378CISA KEV: CVE-2021-38406 — Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
1379CISA KEV: CVE-2021-31010 — Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
1380CISA KEV: CVE-2020-36193 — PEAR Archive_Tar Improper Link Resolution Vulnerability
1381CISA KEV: CVE-2020-28949 — PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
1382Rediscovering argument injection when using VCS tools — git and mercurial
1383How open source C++ code can introduce security risks
1384CISA KEV: CVE-2022-0028 — Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
1385The dangers of assert in Python
1386CISA KEV: CVE-2022-22536 — SAP Multiple Products HTTP Request Smuggling Vulnerability
1387CISA KEV: CVE-2022-32894 — Apple iOS and macOS Out-of-Bounds Write Vulnerability
1388CISA KEV: CVE-2022-2856 — Google Chromium Intents Insufficient Input Validation Vulnerability
1389CISA KEV: CVE-2022-26923 — Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
1390CISA KEV: CVE-2022-21971 — Microsoft Windows Runtime Remote Code Execution Vulnerability
1391CISA KEV: CVE-2017-15944 — Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
1392Ruby gem installations can expose you to lockfile injection attacks
1393Snyk finds PyPi malware that steals Discord and Roblox credential and payment info
1394CISA KEV: CVE-2022-27925 — Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
1395Controlling your server with a reverse shell attack
1396CISA KEV: CVE-2022-34713 — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
1397CISA KEV: CVE-2022-30333 — RARLAB UnRAR Directory Traversal Vulnerability
1398Securing PHP containers
1399Slidev 101: Coding presentations with Markdown
1400CISA KEV: CVE-2022-27924 — Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability
1401CISA KEV: CVE-2022-26138 — Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
1402Addressing cybersecurity challenges in open source software with the Linux Foundation
1403Improving developer experience with security tools at Pinterest
1404CISA KEV: CVE-2022-22047 — Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
1405Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability
1406CISA KEV: CVE-2022-26925 — Microsoft Windows LSA Spoofing Vulnerability
1407CISA KEV: CVE-2022-29499 — Mitel MiVoice Connect Data Validation Vulnerability
1408CISA KEV: CVE-2021-30533 — Google Chromium PopupBlocker Security Bypass Vulnerability
1409CISA KEV: CVE-2021-4034 — Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
1410CISA KEV: CVE-2021-30983 — Apple iOS and iPadOS Buffer Overflow Vulnerability
1411CISA KEV: CVE-2020-3837 — Apple Multiple Products Memory Corruption Vulnerability
1412CISA KEV: CVE-2019-8605 — Apple Multiple Products Use-After-Free Vulnerability
1413CISA KEV: CVE-2022-30190 — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
1414CISA KEV: CVE-2021-38163 — SAP NetWeaver Unrestricted File Upload Vulnerability
1415CISA KEV: CVE-2016-2386 — SAP NetWeaver SQL Injection Vulnerability
1416CISA KEV: CVE-2016-2388 — SAP NetWeaver Information Disclosure Vulnerability
1417CISA KEV: CVE-2019-7195 — QNAP Photo Station Path Traversal Vulnerability
1418CISA KEV: CVE-2019-7193 — QNAP QTS Improper Input Validation Vulnerability
1419CISA KEV: CVE-2019-7192 — QNAP Photo Station Improper Access Control Vulnerability
1420CISA KEV: CVE-2019-5825 — Google Chromium V8 Out-of-Bounds Write Vulnerability
1421CISA KEV: CVE-2019-15271 — Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
1422CISA KEV: CVE-2018-6065 — Google Chromium V8 Integer Overflow Vulnerability
1423CISA KEV: CVE-2018-4990 — Adobe Acrobat and Reader Double Free Vulnerability
1424CISA KEV: CVE-2018-17463 — Google Chromium V8 Remote Code Execution Vulnerability
1425CISA KEV: CVE-2017-6862 — NETGEAR Multiple Devices Buffer Overflow Vulnerability
1426CISA KEV: CVE-2017-5070 — Google Chromium V8 Type Confusion Vulnerability
1427CISA KEV: CVE-2016-5198 — Google Chromium V8 Out-of-Bounds Memory Vulnerability
1428CISA KEV: CVE-2013-1331 — Microsoft Office Buffer Overflow Vulnerability
1429CISA KEV: CVE-2012-5054 — Adobe Flash Player Integer Overflow Vulnerability
1430CISA KEV: CVE-2012-4969 — Microsoft Internet Explorer Use-After-Free Vulnerability
1431CISA KEV: CVE-2012-1889 — Microsoft XML Core Services Memory Corruption Vulnerability
1432CISA KEV: CVE-2012-0767 — Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
1433CISA KEV: CVE-2012-0151 — Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
1434CISA KEV: CVE-2011-2462 — Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
1435CISA KEV: CVE-2011-0609 — Adobe Flash Player Unspecified Vulnerability
1436CISA KEV: CVE-2010-2883 — Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
1437CISA KEV: CVE-2010-2572 — Microsoft PowerPoint Buffer Overflow Vulnerability
1438CISA KEV: CVE-2009-3953 — Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
1439CISA KEV: CVE-2009-0557 — Microsoft Office Object Record Corruption Vulnerability
1440CISA KEV: CVE-2008-0655 — Adobe Acrobat and Reader Unspecified Vulnerability
1441CISA KEV: CVE-2006-2492 — Microsoft Word Malformed Object Pointer Vulnerability
1442Safer together: Snyk and CISPA collaborate for the greater good
1443CISA KEV: CVE-2022-26134 — Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
1444SnykWeek Boston: Perspectives on developer security adoption
1445CISA KEV: CVE-2019-3010 — Oracle Solaris Privilege Escalation Vulnerability
1446CISA KEV: CVE-2016-3393 — Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability
1447CISA KEV: CVE-2016-7256 — Microsoft Windows Open Type Font Remote Code Execution Vulnerability
1448CISA KEV: CVE-2016-1010 — Adobe Flash Player and AIR Integer Overflow Vulnerability
1449CISA KEV: CVE-2016-0034 — Microsoft Silverlight Runtime Remote Code Execution Vulnerability
1450CISA KEV: CVE-2015-0310 — Adobe Flash Player ASLR Bypass Vulnerability
1451CISA KEV: CVE-2015-0016 — Microsoft Windows TS WebProxy Directory Traversal Vulnerability
1452CISA KEV: CVE-2015-0071 — Microsoft Internet Explorer ASLR Bypass Vulnerability
1453CISA KEV: CVE-2015-2360 — Microsoft Win32k Privilege Escalation Vulnerability
1454CISA KEV: CVE-2015-4495 — Mozilla Firefox Security Feature Bypass Vulnerability
1455CISA KEV: CVE-2014-4148 — Microsoft Windows Remote Code Execution Vulnerability
1456CISA KEV: CVE-2014-8439 — Adobe Flash Player Dereferenced Pointer Vulnerability
1457CISA KEV: CVE-2014-4123 — Microsoft Internet Explorer Privilege Escalation Vulnerability
1458CISA KEV: CVE-2014-0546 — Adobe Reader and Acrobat Sandbox Bypass Vulnerability
1459CISA KEV: CVE-2014-4077 — Microsoft IME Japanese Privilege Escalation Vulnerability
1460CISA KEV: CVE-2014-3153 — Linux Kernel Privilege Escalation Vulnerability
1461CISA KEV: CVE-2013-7331 — Microsoft Internet Explorer Information Disclosure Vulnerability
1462CISA KEV: CVE-2013-3993 — IBM InfoSphere BigInsights Invalid Input Vulnerability
1463CISA KEV: CVE-2013-2423 — Oracle JRE Unspecified Vulnerability
1464CISA KEV: CVE-2013-0422 — Oracle JRE Remote Code Execution Vulnerability
1465CISA KEV: CVE-2013-0074 — Microsoft Silverlight Double Dereference Vulnerability
1466CISA KEV: CVE-2012-1710 — Oracle Fusion Middleware Unspecified Vulnerability
1467CISA KEV: CVE-2010-1428 — Red Hat JBoss Information Disclosure Vulnerability
1468CISA KEV: CVE-2010-0840 — Oracle JRE Unspecified Vulnerability
1469Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
1470CISA KEV: CVE-2018-8611 — Microsoft Windows Kernel Privilege Escalation Vulnerability
1471CISA KEV: CVE-2018-19953 — QNAP NAS File Station Cross-Site Scripting Vulnerability
1472CISA KEV: CVE-2017-0147 — Microsoft Windows SMBv1 Information Disclosure Vulnerability
1473CISA KEV: CVE-2017-0022 — Microsoft XML Core Services Information Disclosure Vulnerability
1474CISA KEV: CVE-2017-0005 — Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability
1475CISA KEV: CVE-2017-0149 — Microsoft Internet Explorer Memory Corruption Vulnerability
1476CISA KEV: CVE-2017-8291 — Artifex Ghostscript Type Confusion Vulnerability
1477CISA KEV: CVE-2017-8543 — Microsoft Windows Search Remote Code Execution Vulnerability
1478CISA KEV: CVE-2017-18362 — Kaseya VSA SQL Injection Vulnerability
1479CISA KEV: CVE-2016-0162 — Microsoft Internet Explorer Information Disclosure Vulnerability
1480CISA KEV: CVE-2016-4655 — Apple iOS Information Disclosure Vulnerability
1481CISA KEV: CVE-2016-4656 — Apple iOS Memory Corruption Vulnerability
1482CISA KEV: CVE-2016-6366 — Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability
1483CISA KEV: CVE-2016-6367 — Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
1484CISA KEV: CVE-2022-20821 — Cisco IOS XR Open Port Vulnerability
1485CISA KEV: CVE-2021-1048 — Android Kernel Use-After-Free Vulnerability
1486CISA KEV: CVE-2021-0920 — Android Kernel Race Condition Vulnerability
1487CISA KEV: CVE-2021-30883 — Apple Multiple Products Memory Corruption Vulnerability
1488CISA KEV: CVE-2020-1027 — Microsoft Windows Kernel Privilege Escalation Vulnerability
1489CISA KEV: CVE-2020-0638 — Microsoft Update Notification Manager Privilege Escalation Vulnerability
1490CISA KEV: CVE-2019-7287 — Apple iOS Memory Corruption Vulnerability
1491CISA KEV: CVE-2019-0676 — Microsoft Internet Explorer Information Disclosure Vulnerability
1492CISA KEV: CVE-2019-5786 — Google Chrome Blink Use-After-Free Vulnerability
1493CISA KEV: CVE-2019-11707 — Mozilla Firefox and Thunderbird Type Confusion Vulnerability
1494CISA KEV: CVE-2019-18426 — WhatsApp Cross-Site Scripting Vulnerability
1495CISA KEV: CVE-2019-1385 — Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
1496CISA KEV: CVE-2018-5002 — Adobe Flash Player Stack-based Buffer Overflow Vulnerability
1497CISA KEV: CVE-2018-8589 — Microsoft Win32k Privilege Escalation Vulnerability
1498Snyk takes over Boston for SnykWeek
1499How LiveRamp used Snyk to remediate Log4Shell
1500Cloud security challenges
1501CISA KEV: CVE-2022-30525 — Zyxel Multiple Firewalls OS Command Injection Vulnerability
1502CISA KEV: CVE-2022-22947 — VMware Spring Cloud Gateway Code Injection Vulnerability
1503CISA KEV: CVE-2022-1388 — F5 BIG-IP Missing Authentication Vulnerability
15043 Jedi-inspired lessons to level up your JavaScript security
1505CISA KEV: CVE-2021-1789 — Apple Multiple Products Type Confusion Vulnerability
1506CISA KEV: CVE-2014-4113 — Microsoft Win32k Privilege Escalation Vulnerability
1507CISA KEV: CVE-2014-0322 — Microsoft Internet Explorer Use-After-Free Vulnerability
1508CISA KEV: CVE-2014-0160 — OpenSSL Information Disclosure Vulnerability
1509Building Docker images in Kubernetes
1510Targeted npm dependency confusion attack caught red-handed
1511Under the C: A glance at C/C++ vulnerabilities in Python land
1512Generating fake security data with Python and faker-security
1513CISA KEV: CVE-2022-29464 — WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
1514CISA KEV: CVE-2022-26904 — Microsoft Windows User Profile Service Privilege Escalation Vulnerability
1515CISA KEV: CVE-2022-0847 — Linux Kernel Privilege Escalation Vulnerability
1516CISA KEV: CVE-2021-41357 — Microsoft Win32k Privilege Escalation Vulnerability
1517CISA KEV: CVE-2019-1003029 — Jenkins Script Security Plugin Sandbox Bypass Vulnerability
1518Modernizing SAST rules maintenance to catch vulnerabilities faster
1519CISA KEV: CVE-2018-6882 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
1520CISA KEV: CVE-2019-3568 — WhatsApp VOIP Stack Buffer Overflow Vulnerability
1521CISA KEV: CVE-2022-22718 — Microsoft Windows Print Spooler Privilege Escalation Vulnerability
1522An unintimidating introduction to the dark arts of C/C++ vulnerabilities
1523CISA KEV: CVE-2022-22960 — VMware Multiple Products Privilege Escalation Vulnerability
1524CISA KEV: CVE-2022-1364 — Google Chromium V8 Type Confusion Vulnerability
1525CISA KEV: CVE-2019-3929 — Crestron Multiple Products Command Injection Vulnerability
1526CISA KEV: CVE-2019-16057 — D-Link DNS-320 Remote Code Execution Vulnerability
1527CISA KEV: CVE-2018-7841 — Schneider Electric U.motion Builder SQL Injection Vulnerability
1528CISA KEV: CVE-2016-4523 — Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability
1529CISA KEV: CVE-2014-0780 — InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
1530CISA KEV: CVE-2010-5330 — Ubiquiti AirOS Command Injection Vulnerability
1531CISA KEV: CVE-2007-3010 — Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
1532CISA KEV: CVE-2022-22954 — VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
1533CISA KEV: CVE-2022-24521 — Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
1534CISA KEV: CVE-2018-7602 — Drupal Core Remote Code Execution Vulnerability
1535CISA KEV: CVE-2015-5123 — Adobe Flash Player Use-After-Free Vulnerability
1536CISA KEV: CVE-2015-3113 — Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
1537CISA KEV: CVE-2015-2502 — Microsoft Internet Explorer Memory Corruption Vulnerability
1538CISA KEV: CVE-2015-0311 — Adobe Flash Player Remote Code Execution Vulnerability
1539Improving GraphQL security with static analysis and Snyk Code
1540CISA KEV: CVE-2022-23176 — WatchGuard Firebox and XTM Privilege Escalation Vulnerability
1541CISA KEV: CVE-2021-42287 — Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
1542CISA KEV: CVE-2021-39793 — Google Pixel Out-of-Bounds Write Vulnerability
1543CISA KEV: CVE-2021-27852 — Checkbox Survey Deserialization of Untrusted Data Vulnerability
1544CISA KEV: CVE-2021-22600 — Linux Kernel Privilege Escalation Vulnerability
1545CISA KEV: CVE-2020-2509 — QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
1546CISA KEV: CVE-2017-11317 — Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability
1547Spring4Shell extends to Glassfish and Payara: same vulnerability, new exploit
1548Getting started with React Native security
1549CISA KEV: CVE-2021-3156 — Sudo Heap-Based Buffer Overflow Vulnerability
1550CISA KEV: CVE-2021-31166 — Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
1551CISA KEV: CVE-2017-0148 — Microsoft SMBv1 Server Remote Code Execution Vulnerability
1552Snyk Open Source adds C/C++ security scanning for unmanaged dependencies
1553Exploring 3 types of directory traversal vulnerabilities in C/C++
1554CISA KEV: CVE-2022-22965 — Spring Framework JDK 9+ Remote Code Execution Vulnerability
1555CISA KEV: CVE-2022-22675 — Apple macOS Out-of-Bounds Write Vulnerability
1556CISA KEV: CVE-2021-45382 — D-Link Multiple Routers Remote Code Execution Vulnerability
1557Alert: LaughTilYouCry ransomware sabotages npm package (with puns)
1558Spring4Shell: The zero-day RCE in the Spring Framework explained
1559Spring4Shell: What we know about the Java RCE vulnerability
1560CISA KEV: CVE-2022-26871 — Trend Micro Apex Central Arbitrary File Upload Vulnerability
1561CISA KEV: CVE-2022-1040 — Sophos Firewall Authentication Bypass Vulnerability
1562CISA KEV: CVE-2021-34484 — Microsoft Windows User Profile Service Privilege Escalation Vulnerability
1563CISA KEV: CVE-2021-28799 — QNAP NAS Improper Authorization Vulnerability
1564CISA KEV: CVE-2021-21551 — Dell dbutil Driver Insufficient Access Control Vulnerability
1565CISA KEV: CVE-2018-10562 — Dasan GPON Routers Command Injection Vulnerability
1566Using the Snyk Vulnerability Database to find projects for The Big Fix
1567Building a secure GraphQL API with Node.js
1568Meet (and join) our newest Snyk Ambassadors!
1569CISA KEV: CVE-2022-1096 — Google Chromium V8 Type Confusion Vulnerability
1570CISA KEV: CVE-2022-0543 — Debian-specific Redis Server Lua Sandbox Escape Vulnerability
1571CISA KEV: CVE-2021-38646 — Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
1572CISA KEV: CVE-2021-34486 — Microsoft Windows Event Tracing Privilege Escalation Vulnerability
1573CISA KEV: CVE-2021-26085 — Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
1574CISA KEV: CVE-2021-20028 — SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
1575CISA KEV: CVE-2019-7483 — SonicWall SMA100 Directory Traversal Vulnerability
1576CISA KEV: CVE-2018-8406 — Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
1577CISA KEV: CVE-2017-0213 — Microsoft Windows Privilege Escalation Vulnerability
1578CISA KEV: CVE-2017-0059 — Microsoft Internet Explorer Information Disclosure Vulnerability
1579CISA KEV: CVE-2017-0037 — Microsoft Edge and Internet Explorer Type Confusion Vulnerability
1580CISA KEV: CVE-2016-7201 — Microsoft Edge Memory Corruption Vulnerability
1581CISA KEV: CVE-2016-0151 — Microsoft Windows CSRSS Security Feature Bypass Vulnerability
1582CISA KEV: CVE-2015-2426 — Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
1583CISA KEV: CVE-2015-1770 — Microsoft Office Uninitialized Memory Use Vulnerability
1584CISA KEV: CVE-2013-3660 — Microsoft Win32k Privilege Escalation Vulnerability
1585CISA KEV: CVE-2013-2729 — Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
1586CISA KEV: CVE-2013-2551 — Microsoft Internet Explorer Use-After-Free Vulnerability
1587CISA KEV: CVE-2013-2465 — Oracle Java SE Unspecified Vulnerability
1588CISA KEV: CVE-2013-1690 — Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
1589CISA KEV: CVE-2012-5076 — Oracle Java SE Sandbox Bypass Vulnerability
1590CISA KEV: CVE-2012-2539 — Microsoft Word Remote Code Execution Vulnerability
1591CISA KEV: CVE-2012-2034 — Adobe Flash Player Memory Corruption Vulnerability
1592CISA KEV: CVE-2012-0518 — Oracle Fusion Middleware Unspecified Vulnerability
1593CISA KEV: CVE-2011-2005 — Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
1594CISA KEV: CVE-2010-4398 — Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
1595CISA KEV: CVE-2022-26318 — WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
1596CISA KEV: CVE-2022-26143 — MiCollab, MiVoice Business Express Access Control Vulnerability
1597CISA KEV: CVE-2022-21999 — Microsoft Windows Print Spooler Privilege Escalation Vulnerability
1598CISA KEV: CVE-2021-42237 — Sitecore XP Remote Command Execution Vulnerability
1599CISA KEV: CVE-2021-22941 — Citrix ShareFile Improper Access Control Vulnerability
1600CISA KEV: CVE-2020-9377 — D-Link DIR-610 Devices Remote Command Execution
1601CISA KEV: CVE-2020-9054 — Zyxel Multiple NAS Devices OS Command Injection Vulnerability
1602CISA KEV: CVE-2020-7247 — OpenSMTPD Remote Code Execution Vulnerability
1603CISA KEV: CVE-2020-5410 — VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
1604CISA KEV: CVE-2020-2506 — QNAP Helpdesk Improper Access Control Vulnerability
1605CISA KEV: CVE-2020-2021 — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
1606CISA KEV: CVE-2020-1956 — Apache Kylin OS Command Injection Vulnerability
1607CISA KEV: CVE-2020-1631 — Juniper Junos OS Path Traversal Vulnerability
1608CISA KEV: CVE-2019-6340 — Drupal Core Remote Code Execution Vulnerability
1609CISA KEV: CVE-2019-2616 — Oracle BI Publisher Unauthorized Access Vulnerability
1610CISA KEV: CVE-2019-16920 — D-Link Multiple Routers Command Injection Vulnerability
1611CISA KEV: CVE-2019-15107 — Webmin Command Injection Vulnerability
1612CISA KEV: CVE-2019-12991 — Citrix SD-WAN and NetScaler Command Injection Vulnerability
1613CISA KEV: CVE-2019-11043 — PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
1614CISA KEV: CVE-2019-10068 — Kentico Xperience Deserialization of Untrusted Data Vulnerability
1615CISA KEV: CVE-2019-1003030 — Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
1616CISA KEV: CVE-2018-8414 — Microsoft Windows Shell Remote Code Execution Vulnerability
1617CISA KEV: CVE-2018-8373 — Microsoft Scripting Engine Memory Corruption Vulnerability
1618CISA KEV: CVE-2018-6961 — VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
1619CISA KEV: CVE-2018-14839 — LG N1A1 NAS Remote Command Execution Vulnerability
1620CISA KEV: CVE-2018-1273 — VMware Tanzu Spring Data Commons Property Binder Vulnerability
1621CISA KEV: CVE-2018-11138 — Quest KACE System Management Appliance Remote Command Execution Vulnerability
1622CISA KEV: CVE-2018-0147 — Cisco Secure Access Control System Java Deserialization Vulnerability
1623CISA KEV: CVE-2018-0125 — Cisco VPN Routers Remote Code Execution Vulnerability
1624CISA KEV: CVE-2017-6334 — NETGEAR DGN2200 Devices OS Command Injection Vulnerability
1625CISA KEV: CVE-2017-6316 — Citrix Multiple Products Remote Code Execution Vulnerability
1626CISA KEV: CVE-2017-3881 — Cisco IOS and IOS XE Remote Code Execution Vulnerability
1627CISA KEV: CVE-2017-12617 — Apache Tomcat Remote Code Execution Vulnerability
1628CISA KEV: CVE-2016-7892 — Adobe Flash Player Use-After-Free Vulnerability
1629CISA KEV: CVE-2016-4171 — Adobe Flash Player Remote Code Execution Vulnerability
1630CISA KEV: CVE-2016-1555 — NETGEAR Multiple WAP Devices Command Injection Vulnerability
1631CISA KEV: CVE-2016-11021 — D-Link DCS-930L Devices OS Command Injection Vulnerability
1632CISA KEV: CVE-2016-10174 — NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
1633CISA KEV: CVE-2016-0752 — Ruby on Rails Directory Traversal Vulnerability
1634CISA KEV: CVE-2015-4068 — Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
1635CISA KEV: CVE-2015-3035 — TP-Link Multiple Archer Devices Directory Traversal Vulnerability
1636CISA KEV: CVE-2015-1427 — Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
1637CISA KEV: CVE-2015-1187 — D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
1638CISA KEV: CVE-2015-0666 — Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
1639CISA KEV: CVE-2014-6332 — Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
1640CISA KEV: CVE-2014-6324 — Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
1641CISA KEV: CVE-2014-6287 — Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
1642CISA KEV: CVE-2014-3120 — Elasticsearch Remote Code Execution Vulnerability
1643CISA KEV: CVE-2013-5223 — D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
1644CISA KEV: CVE-2013-2251 — Apache Struts Improper Input Validation Vulnerability
1645CISA KEV: CVE-2012-1823 — PHP-CGI Query String Parameter Vulnerability
1646CISA KEV: CVE-2010-4345 — Exim Privilege Escalation Vulnerability
1647CISA KEV: CVE-2010-4344 — Exim Heap-Based Buffer Overflow Vulnerability
1648CISA KEV: CVE-2010-3035 — Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
1649CISA KEV: CVE-2010-2861 — Adobe ColdFusion Directory Traversal Vulnerability
1650CISA KEV: CVE-2009-1151 — phpMyAdmin Remote Code Execution Vulnerability
1651CISA KEV: CVE-2009-0927 — Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
1652CISA KEV: CVE-2005-2773 — HP OpenView Network Node Manager Remote Code Execution Vulnerability
1653How Snyk helps satisfy White House cybersecurity recommendations
1654Protestware is trending in open source: 4 different types and their impact
1655dompdf security alert: RCE vulnerability found in popular PHP PDF library
1656Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine
1657CISA KEV: CVE-2020-5135 — SonicWall SonicOS Buffer Overflow Vulnerability
1658CISA KEV: CVE-2019-1405 — Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
1659CISA KEV: CVE-2019-1315 — Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
1660CISA KEV: CVE-2019-1253 — Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
1661CISA KEV: CVE-2019-1132 — Microsoft Win32k Privilege Escalation Vulnerability
1662CISA KEV: CVE-2018-8120 — Microsoft Win32k Privilege Escalation Vulnerability
1663CISA KEV: CVE-2017-0101 — Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
1664CISA KEV: CVE-2016-3309 — Microsoft Windows Kernel Privilege Escalation Vulnerability
1665CISA KEV: CVE-2015-2546 — Microsoft Win32k Memory Corruption Vulnerability
1666Build a software bill of materials (SBOM) for open source supply chain security
1667"Dirty Pipe" Linux vulnerability and your containerized applications (CVE-2022-0847)
1668Celebrating amazing open source innovation from Ukraine
1669Simplifying container security with Snyk’s security expertise
1670CISA KEV: CVE-2022-26486 — Mozilla Firefox Use-After-Free Vulnerability
1671CISA KEV: CVE-2021-21973 — VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
1672CISA KEV: CVE-2020-8218 — Pulse Connect Secure Code Injection Vulnerability
1673CISA KEV: CVE-2019-11581 — Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
1674CISA KEV: CVE-2017-6077 — NETGEAR DGN2200 Remote Code Execution Vulnerability
1675CISA KEV: CVE-2016-6277 — NETGEAR Multiple Routers Remote Code Execution Vulnerability
1676CISA KEV: CVE-2013-0631 — Adobe ColdFusion Information Disclosure Vulnerability
1677CISA KEV: CVE-2013-0629 — Adobe ColdFusion Directory Traversal Vulnerability
1678CISA KEV: CVE-2013-0625 — Adobe ColdFusion Authentication Bypass Vulnerability
1679CISA KEV: CVE-2009-3960 — Adobe BlazeDS Information Disclosure Vulnerability
1680Adding Container and IaC security to the Snyk plugin for Jetbrains
1681CISA KEV: CVE-2022-20708 — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
1682CISA KEV: CVE-2021-41379 — Microsoft Windows Installer Privilege Escalation Vulnerability
1683CISA KEV: CVE-2020-1938 — Apache Tomcat Improper Privilege Management Vulnerability
1684CISA KEV: CVE-2020-11899 — Treck TCP/IP stack Out-of-Bounds Read Vulnerability
1685CISA KEV: CVE-2019-16928 — Exim Out-of-bounds Write Vulnerability
1686CISA KEV: CVE-2019-1652 — Cisco Small Business Routers Improper Input Validation Vulnerability
1687CISA KEV: CVE-2019-1297 — Microsoft Excel Remote Code Execution Vulnerability
1688CISA KEV: CVE-2018-8581 — Microsoft Exchange Server Privilege Escalation Vulnerability
1689CISA KEV: CVE-2018-8298 — ChakraCore Scripting Engine Type Confusion Vulnerability
1690CISA KEV: CVE-2018-0180 — Cisco IOS Software Denial-of-Service Vulnerability
1691CISA KEV: CVE-2018-0175 — Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
1692CISA KEV: CVE-2018-0174 — Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
1693CISA KEV: CVE-2018-0161 — Cisco IOS Software Resource Management Errors Vulnerability
1694CISA KEV: CVE-2018-0156 — Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
1695CISA KEV: CVE-2018-0155 — Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
1696CISA KEV: CVE-2018-0154 — Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
1697CISA KEV: CVE-2018-0151 — Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
1698CISA KEV: CVE-2017-8540 — Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
1699CISA KEV: CVE-2017-6736 — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
1700CISA KEV: CVE-2017-12319 — Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
1701CISA KEV: CVE-2017-12238 — Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
1702CISA KEV: CVE-2017-12235 — Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
1703CISA KEV: CVE-2017-12231 — Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
1704CISA KEV: CVE-2017-11292 — Adobe Flash Player Type Confusion Vulnerability
1705CISA KEV: CVE-2017-0261 — Microsoft Office Use-After-Free Vulnerability
1706CISA KEV: CVE-2017-0001 — Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
1707CISA KEV: CVE-2016-8562 — Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
1708CISA KEV: CVE-2016-7855 — Adobe Flash Player Use-After-Free Vulnerability
1709CISA KEV: CVE-2016-7262 — Microsoft Office Security Feature Bypass Vulnerability
1710CISA KEV: CVE-2016-7193 — Microsoft Office Memory Corruption Vulnerability
1711CISA KEV: CVE-2016-5195 — Linux Kernel Race Condition Vulnerability
1712CISA KEV: CVE-2016-4117 — Adobe Flash Player Arbitrary Code Execution Vulnerability
1713CISA KEV: CVE-2016-0099 — Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
1714CISA KEV: CVE-2015-4902 — Oracle Java SE Integrity Check Vulnerability
1715CISA KEV: CVE-2015-3043 — Adobe Flash Player Memory Corruption Vulnerability
1716CISA KEV: CVE-2015-2590 — Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
1717CISA KEV: CVE-2015-2545 — Microsoft Office Malformed EPS File Vulnerability
1718CISA KEV: CVE-2015-2424 — Microsoft PowerPoint Memory Corruption Vulnerability
1719CISA KEV: CVE-2015-2387 — Microsoft ATM Font Driver Privilege Escalation Vulnerability
1720CISA KEV: CVE-2014-4114 — Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
1721CISA KEV: CVE-2014-0496 — Adobe Reader and Acrobat Use-After-Free Vulnerability
1722CISA KEV: CVE-2013-3897 — Microsoft Internet Explorer Use-After-Free Vulnerability
1723CISA KEV: CVE-2013-3346 — Adobe Reader and Acrobat Memory Corruption Vulnerability
1724CISA KEV: CVE-2013-1675 — Mozilla Firefox Information Disclosure Vulnerability
1725CISA KEV: CVE-2013-1347 — Microsoft Internet Explorer Remote Code Execution Vulnerability
1726CISA KEV: CVE-2013-0641 — Adobe Reader Buffer Overflow Vulnerability
1727CISA KEV: CVE-2013-0632 — Adobe ColdFusion Authentication Bypass Vulnerability
1728CISA KEV: CVE-2012-4681 — Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
1729CISA KEV: CVE-2012-1856 — Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
1730CISA KEV: CVE-2011-1889 — Microsoft Forefront TMG Remote Code Execution Vulnerability
1731CISA KEV: CVE-2011-0611 — Adobe Flash Player Remote Code Execution Vulnerability
1732CISA KEV: CVE-2010-3333 — Microsoft Office Stack-based Buffer Overflow Vulnerability
1733CISA KEV: CVE-2010-0232 — Microsoft Windows Kernel Exception Handler Vulnerability
1734CISA KEV: CVE-2010-0188 — Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
1735CISA KEV: CVE-2009-3129 — Microsoft Excel Featheader Record Memory Corruption Vulnerability
1736CISA KEV: CVE-2009-1123 — Microsoft Windows Improper Input Validation Vulnerability
1737CISA KEV: CVE-2008-3431 — Oracle VirtualBox Insufficient Input Validation Vulnerability
1738CISA KEV: CVE-2008-2992 — Adobe Reader and Acrobat Input Validation Vulnerability
1739CISA KEV: CVE-2004-0210 — Microsoft Windows Privilege Escalation Vulnerability
1740Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters
1741CISA KEV: CVE-2022-24682 — Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
1742CISA KEV: CVE-2017-8570 — Microsoft Office Remote Code Execution Vulnerability
1743CISA KEV: CVE-2014-6352 — Microsoft Windows Code Injection Vulnerability
1744Magento security requires additional patch to fix sanitization vulnerability
1745CISA KEV: CVE-2022-23131 — Zabbix Frontend Authentication Bypass Vulnerability
1746CISA KEV: CVE-2022-23134 — Zabbix Frontend Improper Access Control Vulnerability
1747Join The Big Fix: a 24-hour livestream dedicated to fixing security vulnerabilities in your projects
1748CVE-2022-24086 Vulnerability alert for websites using Magento Ecommerce
1749Using the Snyk Vulnerability database to identify projects for The Big Fix
1750Teaming up with Sysdig to deliver developer and runtime Kubernetes security
1751Case study: Python RCE vulnerability in Celery
1752CISA KEV: CVE-2022-24086 — Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
1753CISA KEV: CVE-2022-0609 — Google Chromium Animation Use-After-Free Vulnerability
1754CISA KEV: CVE-2019-0752 — Microsoft Internet Explorer Type Confusion Vulnerability
1755CISA KEV: CVE-2018-8174 — Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
1756CISA KEV: CVE-2018-20250 — WinRAR Absolute Path Traversal Vulnerability
1757CISA KEV: CVE-2018-15982 — Adobe Flash Player Use-After-Free Vulnerability
1758CISA KEV: CVE-2017-9841 — PHPUnit Command Injection Vulnerability
1759CISA KEV: CVE-2014-1761 — Microsoft Word Memory Corruption Vulnerability
1760CISA KEV: CVE-2013-3906 — Microsoft Graphics Component Memory Corruption Vulnerability
1761Automating Terraform security in Scalr deployments with Regula [Tutorial]
1762CISA KEV: CVE-2022-22620 — Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
1763SAST and SCA: Better together with Snyk
1764Lessons learned from the Argo CD zero-day vulnerability (CVE-2022-24348)
1765CISA KEV: CVE-2021-36934 — Microsoft Windows SAM Local Privilege Escalation Vulnerability
1766CISA KEV: CVE-2020-0796 — Microsoft SMBv3 Remote Code Execution Vulnerability
1767CISA KEV: CVE-2018-1000861 — Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
1768CISA KEV: CVE-2017-9791 — Apache Struts 1 Improper Input Validation Vulnerability
1769CISA KEV: CVE-2017-8464 — Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
1770CISA KEV: CVE-2017-10271 — Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
1771CISA KEV: CVE-2017-0263 — Microsoft Win32k Privilege Escalation Vulnerability
1772CISA KEV: CVE-2015-2051 — D-Link DIR-645 Router Remote Code Execution Vulnerability
1773CISA KEV: CVE-2015-1635 — Microsoft HTTP.sys Remote Code Execution Vulnerability
1774CISA KEV: CVE-2015-1130 — Apple OS X Authentication Bypass Vulnerability
1775CISA KEV: CVE-2014-4404 — Apple OS X Heap-Based Buffer Overflow Vulnerability
1776Using Pulumi to automate the Snyk Kubernetes integration for containers
1777Log4Shell remediation with Snyk by the numbers
1778CISA KEV: CVE-2022-21882 — Microsoft Win32k Privilege Escalation Vulnerability
1779Analyzing the PwnKit local privilege escalation exploit
1780CISA KEV: CVE-2022-22587 — Apple Memory Corruption Vulnerability
1781CISA KEV: CVE-2021-20038 — SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
1782CISA KEV: CVE-2020-5722 — Grandstream Networks UCM6200 Series SQL Injection Vulnerability
1783CISA KEV: CVE-2020-0787 — Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
1784CISA KEV: CVE-2017-5689 — Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
1785CISA KEV: CVE-2014-1776 — Microsoft Internet Explorer Memory Corruption Vulnerability
1786CISA KEV: CVE-2014-6271 — GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
1787Getting started at a new organization
1788Stranger Danger: Live hack of how a Log4Shell exploit works
1789CISA KEV: CVE-2006-1547 — Apache Struts 1 ActionForm Denial-of-Service Vulnerability
1790CISA KEV: CVE-2012-0391 — Apache Struts 2 Improper Input Validation Vulnerability
1791CISA KEV: CVE-2018-8453 — Microsoft Win32k Privilege Escalation Vulnerability
1792CISA KEV: CVE-2021-35247 — SolarWinds Serv-U Improper Input Validation Vulnerability
1793CISA KEV: CVE-2021-32648 — October CMS Improper Authentication
1794CISA KEV: CVE-2021-25296 — Nagios XI OS Command Injection
1795CISA KEV: CVE-2021-40870 — Aviatrix Controller Unrestricted Upload of File
1796CISA KEV: CVE-2021-33766 — Microsoft Exchange Server Information Disclosure
1797CISA KEV: CVE-2021-21975 — VMware Server Side Request Forgery in vRealize Operations Manager API
1798CISA KEV: CVE-2021-21315 — System Information Library for Node.JS Command Injection
1799CISA KEV: CVE-2021-22991 — F5 BIG-IP Traffic Management Microkernel Buffer Overflow
1800CISA KEV: CVE-2020-14864 — Oracle Business Intelligence Enterprise Edition Path Transversal
1801CISA KEV: CVE-2020-13671 — Drupal core Un-restricted Upload of File
1802CISA KEV: CVE-2020-11978 — Apache Airflow Command Injection
1803CISA KEV: CVE-2020-13927 — Apache Airflow's Experimental API Authentication Bypass
18048 best Java code review tools for developers
1805The Secure Developer: 2021 in review
1806URL confusion vulnerabilities in the wild: Exploring parser inconsistencies
1807CISA KEV: CVE-2021-22017 — VMware vCenter Server Improper Access Control
1808CISA KEV: CVE-2021-36260 — Hikvision Improper Input Validation
1809CISA KEV: CVE-2020-6572 — Google Chrome Media Use-After-Free Vulnerability
1810CISA KEV: CVE-2019-1458 — Microsoft Win32k Privilege Escalation Vulnerability
1811CISA KEV: CVE-2013-3900 — Microsoft WinVerifyTrust function Remote Code Execution
1812CISA KEV: CVE-2019-2725 — Oracle WebLogic Server, Injection
1813CISA KEV: CVE-2019-9670 — Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
1814CISA KEV: CVE-2018-13382 — Fortinet FortiOS and FortiProxy Improper Authorization
1815CISA KEV: CVE-2018-13383 — Fortinet FortiOS and FortiProxy Out-of-bounds Write
1816CISA KEV: CVE-2019-1579 — Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
1817CISA KEV: CVE-2019-10149 — Exim Mail Transfer Agent (MTA) Improper Input Validation
1818CISA KEV: CVE-2015-7450 — IBM WebSphere Application Server and Server Hypervisor Edition Code Injection
1819CISA KEV: CVE-2017-1000486 — Primetek Primefaces Remote Code Execution Vulnerability
1820CISA KEV: CVE-2019-7609 — Kibana Arbitrary Code Execution
1821CISA KEV: CVE-2021-27860 — FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
1822Open source maintainer pulls the plug on npm packages colors and faker, now what?
1823FTC highlights the importance of securing Log4j and software supply chain
1824Developer security resolutions for 2022
1825Checking Terraform IaC security in CI/CD with Regula and Bitbucket Pipelines [Tutorial]
1826New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it’s not as bad as it sounds)
1827Snyk IaC in 2021: Leading infrastructure as code security for developers
1828Snyk Container in 2021: Shifting container security all the way left
1829Snyk Open Source in 2021: A year of innovation
1830Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered
1831Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI
1832Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution
1833Security in context: When is a CVE not a CVE?
1834Log4Shell in a nutshell (for non-developers & non-Java developers)
1835CISA KEV: CVE-2021-43890 — Microsoft Windows AppX Installer Spoofing Vulnerability
1836CISA KEV: CVE-2021-4102 — Google Chromium V8 Use-After-Free Vulnerability
1837The Log4j vulnerability and its impact on software supply chain security
1838Find and fix the Log4Shell exploit fast with Snyk
1839Log4j vulnerability explained: Prevent Log4Shell RCE by updating to version 2.17.1
1840CISA KEV: CVE-2021-44515 — Zoho Desktop Central Authentication Bypass Vulnerability
1841CISA KEV: CVE-2019-13272 — Linux Kernel Improper Privilege Management Vulnerability
1842CISA KEV: CVE-2021-35394 — Realtek Jungle SDK Remote Code Execution Vulnerability
1843CISA KEV: CVE-2019-7238 — Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
1844CISA KEV: CVE-2019-0193 — Apache Solr DataImportHandler Code Injection Vulnerability
1845CISA KEV: CVE-2021-44168 — Fortinet FortiOS Arbitrary File Download
1846CISA KEV: CVE-2017-17562 — Embedthis GoAhead Remote Code Execution Vulnerability
1847CISA KEV: CVE-2017-12149 — Red Hat JBoss Application Server Remote Code Execution Vulnerability
1848CISA KEV: CVE-2020-17463 — Fuel CMS SQL Injection Vulnerability
1849CISA KEV: CVE-2020-8816 — Pi-Hole AdminLTE Remote Code Execution Vulnerability
1850CISA KEV: CVE-2019-10758 — MongoDB mongo-express Remote Code Execution Vulnerability
1851CISA KEV: CVE-2021-44228 — Apache Log4j2 Remote Code Execution Vulnerability
1852Responsible disclosure: CodeCov CEO & CTO share learnings from the breach
1853CISA KEV: CVE-2020-11261 — Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
1854CISA KEV: CVE-2018-14847 — MikroTik Router OS Directory Traversal Vulnerability
1855CISA KEV: CVE-2021-37415 — Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
1856CISA KEV: CVE-2021-40438 — Apache HTTP Server-Side Request Forgery (SSRF)
1857CISA KEV: CVE-2021-44077 — Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
1858Snyk achieves AWS Security Competency status
1859CISA KEV: CVE-2021-22204 — ExifTool Remote Code Execution Vulnerability
1860CISA KEV: CVE-2021-40449 — Microsoft Windows Win32k Privilege Escalation Vulnerability
1861CISA KEV: CVE-2021-42292 — Microsoft Excel Security Feature Bypass
1862Scanning ARM templates for misconfigurations with the Snyk CLI
18636 big AWS IAM vulnerabilities – and how to avoid them
1864Exploring extensions of dependency confusion attacks via npm package aliasing
1865How and when to use Docker labels / OCI container annotations
1866JavaScript type confusion: Bypassed input validation (and how to remediate)
1867CISA KEV: CVE-2021-27104 — Accellion FTA OS Command Injection Vulnerability
1868CISA KEV: CVE-2021-27103 — Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
1869CISA KEV: CVE-2021-21017 — Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
1870CISA KEV: CVE-2021-28550 — Adobe Acrobat and Reader Use-After-Free Vulnerability
1871CISA KEV: CVE-2018-4939 — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
1872CISA KEV: CVE-2018-15961 — Adobe ColdFusion Unrestricted File Upload Vulnerability
1873CISA KEV: CVE-2018-4878 — Adobe Flash Player Use-After-Free Vulnerability
1874CISA KEV: CVE-2020-5735 — Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
1875CISA KEV: CVE-2019-2215 — Android Kernel Use-After-Free Vulnerability
1876CISA KEV: CVE-2017-9805 — Apache Struts Deserialization of Untrusted Data Vulnerability
1877CISA KEV: CVE-2021-42013 — Apache HTTP Server Path Traversal Vulnerability
1878CISA KEV: CVE-2019-0211 — Apache HTTP Server Privilege Escalation Vulnerability
1879CISA KEV: CVE-2016-4437 — Apache Shiro Code Execution Vulnerability
1880CISA KEV: CVE-2019-17558 — Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
1881CISA KEV: CVE-2020-17530 — Apache Struts Remote Code Execution Vulnerability
1882CISA KEV: CVE-2021-30858 — Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
1883CISA KEV: CVE-2019-6223 — Apple iOS and macOS Group Facetime Vulnerability
1884CISA KEV: CVE-2021-30860 — Apple Multiple Products Integer Overflow Vulnerability
1885CISA KEV: CVE-2020-27930 — Apple Multiple Products Memory Corruption Vulnerability
1886CISA KEV: CVE-2020-27932 — Apple Multiple Products Type Confusion Vulnerability
1887CISA KEV: CVE-2020-9818 — Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
1888CISA KEV: CVE-2021-1782 — Apple Multiple Products Race Condition Vulnerability
1889CISA KEV: CVE-2021-1879 — Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
1890CISA KEV: CVE-2021-30661 — Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
1891CISA KEV: CVE-2021-30666 — Apple iOS WebKit Buffer Overflow Vulnerability
1892CISA KEV: CVE-2021-30713 — Apple macOS Unspecified Vulnerability
1893CISA KEV: CVE-2021-30869 — Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
1894CISA KEV: CVE-2021-20090 — Arcadyan Buffalo Firmware Path Traversal Vulnerability
1895CISA KEV: CVE-2021-27562 — Arm Trusted Firmware Out-of-Bounds Write Vulnerability
1896CISA KEV: CVE-2021-28664 — Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability
1897CISA KEV: CVE-2019-3398 — Atlassian Confluence Server and Data Center Path Traversal Vulnerability
1898CISA KEV: CVE-2021-26084 — Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
1899CISA KEV: CVE-2019-11580 — Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
1900CISA KEV: CVE-2021-42258 — BQE BillQuick Web Suite SQL Injection Vulnerability
1901CISA KEV: CVE-2020-3452 — Cisco ASA and FTD Read-Only Path Traversal Vulnerability
1902CISA KEV: CVE-2020-3580 — Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
1903CISA KEV: CVE-2021-1497 — Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
1904CISA KEV: CVE-2018-0171 — Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
1905CISA KEV: CVE-2020-3118 — Cisco IOS XR Software Discovery Protocol Format String Vulnerability
1906CISA KEV: CVE-2020-3566 — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
1907CISA KEV: CVE-2020-3161 — Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
1908CISA KEV: CVE-2019-1653 — Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
1909CISA KEV: CVE-2018-0296 — Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
1910CISA KEV: CVE-2019-13608 — Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
1911CISA KEV: CVE-2020-8193 — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
1912CISA KEV: CVE-2019-19781 — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
1913CISA KEV: CVE-2019-11634 — Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
1914CISA KEV: CVE-2020-29557 — D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
1915CISA KEV: CVE-2020-25506 — D-Link DNS-320 Device Command Injection Vulnerability
1916CISA KEV: CVE-2018-15811 — DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
1917CISA KEV: CVE-2017-9822 — DotNetNuke (DNN) Remote Code Execution Vulnerability
1918CISA KEV: CVE-2019-15752 — Docker Desktop Community Edition Privilege Escalation Vulnerability
1919CISA KEV: CVE-2020-8515 — Multiple DrayTek Vigor Routers Web Management Page Vulnerability
1920CISA KEV: CVE-2018-7600 — Drupal Core Remote Code Execution Vulnerability
1921CISA KEV: CVE-2021-22205 — GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
1922CISA KEV: CVE-2018-6789 — Exim Buffer Overflow Vulnerability
1923CISA KEV: CVE-2020-8657 — EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
1924CISA KEV: CVE-2020-8655 — EyesOfNetwork Improper Privilege Management Vulnerability
1925CISA KEV: CVE-2020-5902 — F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
1926CISA KEV: CVE-2021-22986 — F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
1927CISA KEV: CVE-2021-35464 — ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
1928CISA KEV: CVE-2019-5591 — Fortinet FortiOS Default Configuration Vulnerability
1929CISA KEV: CVE-2020-12812 — Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
1930CISA KEV: CVE-2018-13379 — Fortinet FortiOS SSL VPN Path Traversal Vulnerability
1931CISA KEV: CVE-2020-16010 — Google Chrome for Android UI Heap Buffer Overflow Vulnerability
1932CISA KEV: CVE-2021-21166 — Google Chromium Race Condition Vulnerability
1933CISA KEV: CVE-2020-16017 — Google Chrome Use-After-Free Vulnerability
1934CISA KEV: CVE-2021-37976 — Google Chromium Information Disclosure Vulnerability
1935CISA KEV: CVE-2020-16009 — Google Chromium V8 Type Confusion Vulnerability
1936CISA KEV: CVE-2021-30632 — Google Chromium V8 Out-of-Bounds Write Vulnerability
1937CISA KEV: CVE-2020-16013 — Google Chromium V8 Incorrect Implementation Vulnerability
1938CISA KEV: CVE-2021-30633 — Google Chromium Indexed DB API Use-After-Free Vulnerability
1939CISA KEV: CVE-2021-21148 — Google Chromium V8 Heap Buffer Overflow Vulnerability
1940CISA KEV: CVE-2021-21206 — Google Chromium Blink Use-After-Free Vulnerability
1941CISA KEV: CVE-2021-38000 — Google Chromium Intents Improper Input Validation Vulnerability
1942CISA KEV: CVE-2021-38003 — Google Chromium V8 Memory Corruption Vulnerability
1943CISA KEV: CVE-2020-4430 — IBM Data Risk Manager Directory Traversal Vulnerability
1944CISA KEV: CVE-2020-4428 — IBM Data Risk Manager Remote Code Execution Vulnerability
1945CISA KEV: CVE-2019-4716 — IBM Planning Analytics Remote Code Execution Vulnerability
1946CISA KEV: CVE-2016-3715 — ImageMagick Arbitrary File Deletion Vulnerability
1947CISA KEV: CVE-2020-15505 — Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
1948CISA KEV: CVE-2021-30116 — Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
1949CISA KEV: CVE-2020-7961 — Liferay Portal Deserialization of Untrusted Data Vulnerability
1950CISA KEV: CVE-2021-23874 — McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
1951CISA KEV: CVE-2021-22506 — Micro Focus Access Manager Information Leakage Vulnerability
1952CISA KEV: CVE-2021-22502 — Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
1953CISA KEV: CVE-2014-1812 — Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
1954CISA KEV: CVE-2021-38647 — Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
1955CISA KEV: CVE-2016-0167 — Microsoft Win32k Privilege Escalation Vulnerability
1956CISA KEV: CVE-2020-0878 — Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
1957CISA KEV: CVE-2021-31955 — Microsoft Windows Kernel Information Disclosure Vulnerability
1958CISA KEV: CVE-2021-33739 — Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
1959CISA KEV: CVE-2016-0185 — Microsoft Windows Media Center Remote Code Execution Vulnerability
1960CISA KEV: CVE-2020-0683 — Microsoft Windows Installer Privilege Escalation Vulnerability
1961CISA KEV: CVE-2021-33742 — Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
1962CISA KEV: CVE-2021-31199 — Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
1963CISA KEV: CVE-2020-0938 — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
1964CISA KEV: CVE-2020-17144 — Microsoft Exchange Server Remote Code Execution Vulnerability
1965CISA KEV: CVE-2021-38645 — Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
1966CISA KEV: CVE-2021-34523 — Microsoft Exchange Server Privilege Escalation Vulnerability
1967CISA KEV: CVE-2017-7269 — Microsoft Windows Server Buffer Overflow Vulnerability
1968CISA KEV: CVE-2021-36948 — Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
1969CISA KEV: CVE-2017-0143 — Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
1970CISA KEV: CVE-2019-0708 — Microsoft Remote Desktop Services Remote Code Execution Vulnerability
1971CISA KEV: CVE-2020-1464 — Microsoft Windows Spoofing Vulnerability
1972CISA KEV: CVE-2021-34527 — Microsoft Windows Print Spooler Remote Code Execution Vulnerability
1973CISA KEV: CVE-2021-31207 — Microsoft Exchange Server Security Feature Bypass Vulnerability
1974CISA KEV: CVE-2019-0803 — Microsoft Win32k Privilege Escalation Vulnerability
1975CISA KEV: CVE-2020-1040 — Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
1976CISA KEV: CVE-2017-8759 — Microsoft .NET Framework Remote Code Execution Vulnerability
1977CISA KEV: CVE-2018-8653 — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
1978CISA KEV: CVE-2021-36942 — Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
1979CISA KEV: CVE-2018-0798 — Microsoft Office Memory Corruption Vulnerability
1980CISA KEV: CVE-2012-0158 — Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
1981CISA KEV: CVE-2017-11882 — Microsoft Office Memory Corruption Vulnerability
1982CISA KEV: CVE-2021-27059 — Microsoft Office Remote Code Execution Vulnerability
1983CISA KEV: CVE-2017-11774 — Microsoft Office Outlook Security Feature Bypass Vulnerability
1984CISA KEV: CVE-2020-1472 — Microsoft Netlogon Privilege Escalation Vulnerability
1985CISA KEV: CVE-2021-34448 — Microsoft Windows Scripting Engine Memory Corruption Vulnerability
1986CISA KEV: CVE-2019-1214 — Microsoft Windows Common Log File System (CLFS) Privilege Escalation Vulnerability
1987CISA KEV: CVE-2016-3235 — Microsoft Office OLE DLL Side Loading Vulnerability
1988CISA KEV: CVE-2019-0863 — Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
1989CISA KEV: CVE-2020-6819 — Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
1990CISA KEV: CVE-2019-17026 — Mozilla Firefox And Thunderbird Type Confusion Vulnerability
1991CISA KEV: CVE-2019-15949 — Nagios XI Remote Code Execution Vulnerability
1992CISA KEV: CVE-2020-26919 — Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability
1993CISA KEV: CVE-2019-19356 — Netis WF2419 Devices Remote Code Execution Vulnerability
1994CISA KEV: CVE-2012-3152 — Oracle Fusion Middleware Unspecified Vulnerability
1995CISA KEV: CVE-2020-14871 — Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
1996CISA KEV: CVE-2015-4852 — Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
1997CISA KEV: CVE-2020-14750 — Oracle WebLogic Server Remote Code Execution Vulnerability
1998CISA KEV: CVE-2020-14883 — Oracle WebLogic Server Unspecified Vulnerability
1999CISA KEV: CVE-2020-8644 — PlaySMS Server-Side Template Injection Vulnerability
2000CISA KEV: CVE-2019-18935 — Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
2001CISA KEV: CVE-2021-22893 — Ivanti Pulse Connect Secure Use-After-Free Vulnerability
2002CISA KEV: CVE-2020-8243 — Ivanti Pulse Connect Secure Code Execution Vulnerability
2003CISA KEV: CVE-2021-22894 — Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
2004CISA KEV: CVE-2021-22899 — Ivanti Pulse Connect Secure Command Injection Vulnerability
2005CISA KEV: CVE-2019-11510 — Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
2006CISA KEV: CVE-2021-1906 — Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability
2007CISA KEV: CVE-2021-1905 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability
2008CISA KEV: CVE-2020-10221 — rConfig OS Command Injection Vulnerability
2009CISA KEV: CVE-2021-35395 — Realtek AP-Router SDK Buffer Overflow Vulnerability
2010CISA KEV: CVE-2017-16651 — Roundcube Webmail File Disclosure Vulnerability
2011CISA KEV: CVE-2020-11652 — SaltStack Salt Path Traversal Vulnerability
2012CISA KEV: CVE-2020-11651 — SaltStack Salt Authentication Bypass Vulnerability
2013CISA KEV: CVE-2020-16846 — SaltStack Salt Shell Injection Vulnerability
2014CISA KEV: CVE-2018-2380 — SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
2015CISA KEV: CVE-2010-5326 — SAP NetWeaver Remote Code Execution Vulnerability
2016CISA KEV: CVE-2016-9563 — SAP NetWeaver XML External Entity (XXE) Vulnerability
2017CISA KEV: CVE-2020-6287 — SAP NetWeaver Missing Authentication for Critical Function Vulnerability
2018CISA KEV: CVE-2016-3976 — SAP NetWeaver Directory Traversal Vulnerability
2019CISA KEV: CVE-2019-16256 — SIMalliance Toolbox Browser Command Injection Vulnerability
2020CISA KEV: CVE-2020-10148 — SolarWinds Orion Authentication Bypass Vulnerability
2021CISA KEV: CVE-2021-35211 — SolarWinds Serv-U Remote Code Execution Vulnerability
2022CISA KEV: CVE-2016-3643 — SolarWinds Virtualization Manager Privilege Escalation Vulnerability
2023CISA KEV: CVE-2020-10199 — Sonatype Nexus Repository Remote Code Execution Vulnerability
2024CISA KEV: CVE-2021-20021 — SonicWall Email Security Improper Privilege Management Vulnerability
2025CISA KEV: CVE-2019-7481 — SonicWall SMA100 SQL Injection Vulnerability
2026CISA KEV: CVE-2020-12271 — Sophos SFOS SQL Injection Vulnerability
2027CISA KEV: CVE-2020-10181 — Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability
2028CISA KEV: CVE-2017-6327 — Symantec Messaging Gateway Remote Code Execution Vulnerability
2029CISA KEV: CVE-2019-18988 — TeamViewer Desktop Bypass Remote Login Vulnerability
2030CISA KEV: CVE-2017-9248 — Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
2031CISA KEV: CVE-2021-31755 — Tenda AC11 Router Stack Buffer Overflow Vulnerability
2032CISA KEV: CVE-2020-10987 — Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
2033CISA KEV: CVE-2018-14558 — Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
2034CISA KEV: CVE-2019-18187 — Trend Micro OfficeScan Directory Traversal Vulnerability
2035CISA KEV: CVE-2020-8467 — Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
2036CISA KEV: CVE-2020-8468 — Trend Micro Multiple Products Content Validation Escape Vulnerability
2037CISA KEV: CVE-2020-24557 — Trend Micro Multiple Products Improper Access Control Vulnerability
2038CISA KEV: CVE-2021-36742 — Trend Micro Multiple Products Improper Input Validation Vulnerability
2039CISA KEV: CVE-2019-20085 — TVT NVMS-1000 Directory Traversal Vulnerability
2040CISA KEV: CVE-2019-16759 — vBulletin PHP Module Remote Code Execution Vulnerability
2041CISA KEV: CVE-2019-5544 — VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
2042CISA KEV: CVE-2020-3992 — VMware ESXi OpenSLP Use-After-Free Vulnerability
2043CISA KEV: CVE-2020-3950 — VMware Multiple Products Privilege Escalation Vulnerability
2044CISA KEV: CVE-2021-22005 — VMware vCenter Server File Upload Vulnerability
2045CISA KEV: CVE-2020-3952 — VMware vCenter Server Information Disclosure Vulnerability
2046CISA KEV: CVE-2021-21972 — VMware vCenter Server Remote Code Execution Vulnerability
2047CISA KEV: CVE-2021-21985 — VMware vCenter Server Improper Input Validation Vulnerability
2048CISA KEV: CVE-2020-25213 — WordPress File Manager Plugin Remote Code Execution Vulnerability
2049CISA KEV: CVE-2020-11738 — WordPress Snap Creek Duplicator Plugin File Download Vulnerability
2050CISA KEV: CVE-2019-9978 — WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
2051CISA KEV: CVE-2021-27561 — Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
2052CISA KEV: CVE-2021-40539 — Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
2053CISA KEV: CVE-2020-10189 — Zoho ManageEngine Desktop Central File Upload Vulnerability
2054CISA KEV: CVE-2019-8394 — Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
2055Security Horror Story: Accidentally exposing PII data
2056Snyk joins OpenSSF: Tackling open source supply chain security with a developer-first approach
2057Securing S3 bucket configuration and access with Snyk & Solvo
2058How Dun & Bradstreet and Shutterstock built successful security champions programs
2059Why the Facebook outage and Twitch breach matter to business leaders
2060Checking AWS AMI IDs in Terraform using Regula and Open Policy Agent
2061Call for nominations: The Snykie awards for Secure Development
2062Snyk Code CLI support now in public beta
2063Snyk sponsoring 2021 Open Source Summit by the Linux Foundation
2064A (soft) introduction to Python dependency management
2065Detect and prevent dependency confusion attacks on npm to maintain supply chain security
2066Preventing malicious packages and supply chain attacks with Snyk
2067The key to solving the cybersecurity workforce gap: Enlisting the world’s 27 million developers in the fight
2068The 8 best IntelliJ plugins for improving your coding experience
2069Plugins to put Node.js application security and observability in your IDE
2070How Snyk Social Trends help you fix essential security vulnerabilities
2071Building Java container images using Jib
2072Use Snyk security policies to prioritize fixes more efficiently
2073Better Ruby Gemfile security: A step-by-step guide using Snyk
2074Getting started with Snyk for secure Python development
2075Four steps for hardening Amazon EKS security
2076How Snyk is normalizing authentication strategies with Gloo Edge
2077Why you should upgrade to Maven version 3.8.1
2078Managing Node.js Docker images in GitHub Packages using GitHub Actions
2079SnykCon 2021 excitement is starting, but the CFP is ending (soon)
2080Hardening Amazon EKS security with RBAC, secure IMDS, and audit logging
2081Talking visibility, scalability, and relationships in secure development with Phil Guimond of ViacomCBS
20825 potential risks of open source software
2083You can’t compare SAST tools using only lists, test suites, and benchmarks
2084Advancing SBOM standards: Snyk and SPDX
2085Understanding the software supply chain security requirements in the cybersecurity Executive Order
2086Snyk uncovers supply chain security vulnerabilities in Visual Studio Code extensions
2087Snyk takes on responsibility for Node.js ecosystem vulnerability disclosure program
2088Prevent cloud misconfigurations in HashiCorp Terraform with Snyk IaC
2089Trend Micro launches Cloud One Open Source Security powered by Snyk
2090SuiteCRM: PHAR deserialization vulnerability to code execution
2091Snyk uncovers malicious code activities in open source supply chain security on the npm registry
2092Why developer-first SAST tools are the future of code security
2093Securing cloud native applications: ActiveCampaign’s VP, Information Security provides perspective
2094Developer driven workflows: Dockerfile image scanning, prioritization, and remediation
2095Defining developer-first container security
2096Docker Hub authentication: Is 2021 the year you enable 2FA on Docker Hub?
2097How I was hacking docker containers by exploiting ImageMagick vulnerabilities
209810 Kubernetes Security Context settings you should understand
2099Automating vulnerability monitoring with Snyk, Prometheus and Grafana
2100SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
2101Snyk IaC scanning enhancements include Azure and AWS infrastructure as code
2102AWS vulnerability scanning using the Snyk integration
2103What makes Verdaccio a successful project?
2104Docker for Node.js developers: 5 things you need to know not to fail your security
2105Cache poisoning in popular open source packages
2106What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm
2107Securing your Kubernetes application development with Snyk and Tilt
2108What makes Fastify a successful project?
2109Command line tools for containers—using Snyk with Buildah, Podman, and Skopeo
2110Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks
211110 git aliases for a faster and productive git workflow
2112Cheatsheet: top 10 application security acronyms
2113Command injection: how it works, what are the risks, and how to prevent it
2114DevSecOps tools for open source projects in JavaScript and Node.js
2115Buffer overflow in Chromium affecting multiple packages
2116Container image formats under the hood
2117RPM Package Manager: RPM package security scanning with Snyk
2118Python Poetry package manager and security integration with software composition analysis tool
2119From zero to security hero: test your GitHub projects for known vulnerabilities
2120GitHub Actions to securely publish npm packages
2121Node.js security: lessons from the Node.js Security Working Group in triaging vulnerabilities
2122Privileged Docker containers—do you really need them?
2123Regular Expression Denial of Service (REDoS) in UAParser.js
2124SourMint malicious SDK research write up
2125SourMint: iOS remote code execution, Android findings, and community response
2126JHipster security scanning with Snyk
2127Scanning ARM container images with Snyk
2128Enabling application security management at scale
2129Arbitrary code execution in Grunt
2130Building a secure Amazon S3 bucket (AWS)
2131New Gartner Market Guide highlights the importance of Software Composition Analysis (SCA)
2132SourMint malicious SDK research writeup
2133Prototype pollution in express-fileupload
2134Breaking out of message brokers
2135Arbitrary File Write via Archive Extraction (Zip Slip) in go-rpmutils
2136Navigate 3 trends in financial services with DevSecOps
2137Demystifying HTTP request smuggling
2138Regular Expression Denial-of-Service in websocket-extensions
2139Checking Helm Charts for security misconfigurations
2140Why do organizations trust Snyk to win the open source security battle?
2141Using Snyk to implement end-to-end DevSecOps on Microsoft Azure
21423 big Amazon S3 vulnerabilities you may be missing
2143Snyk achieves AWS Lambda Ready designation
2144Why did is-promise happen and what can we learn from it
2145Snyk achieves Amazon Linux 2 ready designation
2146Snyk vulnerability disclosure program: what’s going on behind the scenes?
2147Yarn 2 plugins - an introduction
2148VS Code extension: building auto CI/CD with GitHub Actions
2149Yarn 2 — the future of package managers for JavaScript?
2150Vulnerable Gradle plugin-publish plugin reveals sensitive information
2151March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more
2152Using UBI images to minimize container vulnerabilities
2153Creating an automated cloud infrastructure testing tool with Terraform and PyTest
2154Exploring the minimist prototype pollution security vulnerability
2155The State of Open Source Security Survey - 2020
2156What is a backdoor? Let’s build one with Node.js
2157Fastify Node.js framework improves JSON security thanks to a security report
2158Ghostcat breach affects all Tomcat versions
2159Node.js release fixes a critical HTTP security vulnerability
2160Understanding filesystem takeover vulnerabilities in npm JavaScript package manager
2161Showing application vulnerabilities in Kubernetes-native tooling
2162Uncharted territory - discovering vulnerabilities in public Helm Charts
2163Security digital transformation with James Kaplan
2164See Snyk and GitHub in action at GitHub Universe
2165Using third party content securely
2166JavaScript frameworks security report 2019
2167Angular vs React: the security risk of indirect dependencies
216884% of all websites are impacted by jQuery XSS vulnerabilities
2169A Snyk peek into Node.js and npm’s state of open source security report 2019
2170Why npm lockfiles can be a security blindspot for injecting malicious modules
2171Modern security leader spotlight: with Marcin Hoppe from Auth0
2172Everything you wanted to know about addressing security vulnerabilities in Linux-based containers
2173Sequelize ORM npm library found vulnerable to SQL Injection attacks
2174Mastering Node.js version management and npm registry sources like a pro
2175Jackson Deserialization Vulnerability
2176A year-old dormant malicious remote code execution vulnerability discovered in Webmin
2177A technical analysis of the Capital One cloud misconfiguration breach
2178Staying ahead of security vulnerabilities with security patches
2179PCI standards open source security requirements — how to comply?
2180Concerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_password
2181Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash
2182Serverless is great, but what about the security of my AWS Lambda functions and their dependencies?
2183npm passes the 1 millionth package milestone! What can we learn?
2184Java Top 10 Security Vulnerabilities Disclosed [2019 - List]
2185Scoring security vulnerabilities 101: Introducing CVSS for CVEs
2186Understanding Amazon S3 security and compliance on AWS
2187A Denial of Service vulnerability discovered in the Axios JavaScript package - affecting all versions of the popular HTTP client
2188Add a SECURITY.md file to your Azure Repos
2189Azure Repos enriched with DevSecOps capabilities
2190190,000 users affected by Docker Hub’s security breach. Now what?
2191The top two most popular Docker base images each have over 500 vulnerabilities
2192Take actions to improve security in your Docker images
2193After three years of silence, a new jQuery prototype pollution vulnerability emerges once again
2194Securing Bitbucket Cloud with Snyk
2195Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
2196ReDoS vulnerabilities in npm spike by 143% and XSS continues to grow
2197Open source maintainers want to be secure, but 70% lack skills
2198Top ten most popular docker images each contain at least 30 vulnerabilities
2199Snyking in - Directory traversal vulnerability exploit in the st package
2200A serious security flaw in runC can result in root privilege escalation in Docker and Kubernetes
2201Scanning Docker images for key binaries - going beyond package managers
2202How even quick Node.js async functions can block the Event-Loop
2203Severe security vulnerability in Bower’s zip archive extraction
2204Snyk CLI drops support for Node.js 4 (Argon)
2205Snyk - Your Next Career Move!
22062018 Year in Review
2207Critical Arbitrary Code Execution Vulnerability Found in Kubernetes
2208Codefresh + Snyk = ship fast and securely
2209Faster & improved tests for JavaScript lockfile based projects
2210A post-mortem of the malicious event-stream backdoor
2211Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months
2212Behind the disclosure: the Zip Slip vulnerability
2213Container vulnerability management for developers
2214The most common vulnerabilities in Maven Central and npm
2215JavaScript and Node.js Security – The Common Pitfalls
2216Attacking an FTP Client: MGETting more than you bargained for
2217Snyk is Now Integrated with Chrome’s Lighthouse
2218Python Mocking 101: Fake it before you make it
2219Where do security patches come from?
2220npm Shrinkwrap reloaded: Locking npm Deps with Package-Lock and Yarn.Lock
2221Using the Snyk API to find and fix vulnerabilities
2222Bower is dead, long live npm. And Yarn. And webpack.
222377% of 433,000 sites use vulnerable JavaScript libraries
2224Python 2 vs 3: Security Differences
2225Launching the State of Open Source Security Survey
2226Open source vulnerabilities tripped Equifax, how can you defend yourself?
2227Snyk and Atlassian, Sitting in a Tree
2228XSS Attacks: The Next Wave
2229Bitbucket Server Integration in Beta
2230Snyk is available on the GOV.UK Digital Marketplace!
2231Which of the OWASP Top 10 Caused the World’s Biggest Data Breaches?
2232Serverless Security implications—from infra to OWASP
2233Maven support is here!
2234Continuously secure all apps with unlimited Snyk projects
2235Type Manipulation: Escaping Template Sandboxes
2236Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking
2237Differences in version handling between RubyGems and npm
2238Launching serverless Snyk
2239Yarn is Micro Secure
2240Launching "The Secure Developer" Podcast
2241Threat modelling for Node.js applications
2242Using ES2015 Proxy for fun and profit
2243Enriching bitHound with Snyk
2244HTTPS Adoption *doubled* this year
2245Architecting a Serverless web application in AWS
2246Mitigating ImageMagick vulnerabilities in Node.js
2247Free vulnerability testing and monitoring for public GitHub projects
2248Exploiting Buffer
2249Using Node.js event loop for timing attacks
2250Keeping your open source credentials closed
2251Launching Snyk
2252A CEO's guide to Emacs
2253Immutable infrastructure: Networks