! Update March 6, 2026 New Actively Exploited Flaws in Cisco Catalyst SD-WAN Of the five additional vulnerabilities affecting Catalyst SD-WAN that were disclosed in a second security report the same day, CVE-2026-20128 CVSS 7.5 and CVE-2026-20122 CVSS 5.4 are now reported by Cisco as actively exploited in the wild. No PoCs for either CVE […]
So far, 2026 is off to a raucous start. With so much activity in the software vulnerability landscape it’s easy to understand the concerns of global executives discussed in Part 1 of the January 2026 Threat Report. This volatility also highlights the value of Greenbone’s industry-leading detection coverage. In Part 2 of the January Threat […]
So far, 2026 is off to a raucous start. The number of critical severity vulnerabilities impacting widely deployed software is staggering. Defenders need to scan widely and scan often to detect new threats in their infrastructure and prioritize mitigation efforts based on the potential impact to business operations, privacy regulations, and other compliance responsibilities. Defenders […]
On January 13th, 2026, Fortinet publicly disclosed and patched CVE-2025-64155 (CVSS 9.8) affecting FortiSIEM along with five additional vulnerabilities across its product line [1][2][3][4][5]. In particular, CVE-2025-64155 represents high-risk exposure; immediately after its release, active exploitation was reported. The flaw was responsibly disclosed to Fortinet almost six months ago (August 2025), by Horizon3.ai. Greenbone includes […]
In 2025, Greenbone increased the total number of vulnerability tests in the OPENVAS ENTERPRISE FEED to over 227,000, adding almost 40,000 vulnerability checks. Since the first CVE was published in 1999, over 300,000 software vulnerabilities have been added to MITRE’s CVE repository. CVE disclosures continued to rocket upward, increasing roughly 21% compared to 2024. CISA […]
! Update January 26, 2026 On January 15th, 2025, Cisco released patches for CVE-2025-20393 CVSS 10. Cisco recommends upgrading to a fixed release. The patches are intended to remove the persistence mechanisms observed in the campaign. There are no workarounds; patching is required for complete mitigation. Fixed versions are: • Cisco Secure Email Gateway (SEG) […]
! Update December 15, 2025 Three additional React Server Components (RSC) flaws have been identified, which require further patching: • CVE-2025-55184 CVSS 7.5 and CVE-2025-67779 CVSS 7.5: Both flaws allow pre-authenticated Denial of Service (DoS). CVE-2025-67779 is considered a bypass of the original React2Shell patch. However, exploitation does not allow remote code execution (RCE). • […]
Was November 2025 a quiet month for cyber security? No, of course not. Fallout from the Oracle EBS ransomware campaigns, which began in October, was widespread; over 29 organizations have been claimed by the Cl0p syndicate alone, with over 100 victims in total. This included Envoy Air (an American Airlines subsidiary), Cox Enterprises, Logitech, Harvard […]
Just over 4,100 new CVEs emerged in October 2025, representing new attack surfaces and placing pressure on defenders to identify and patch. For operational resilience, organizations need to scan their IT infrastructure often and prioritize mitigation efforts. A free trial of Greenbone’s OPENVAS BASIC lets defenders scan their enterprise IT estate and stay on top […]
Discussion of a new security issue affecting Fortinet’s FortiWeb began circulating online in early October 2025, when cyber deception firm Defused reported capturing a working exploit via honeypot. FortiWeb is Fortinet’s web application firewall (WAF) platform, designed to shield web applications from malicious activity. For over one month, Defused’s revelation mostly lurked in the shadows; […]
