Advisories the vendor has revised
Libcurl - Cookie Leakage Due to Stale Host Header Handling
libcurl – Cross Proxy Digest Authentication State Leak
OTP Invalidation Missing Upon Regeneration
MongoBleed: MongoDB Memory Disclosure Vulnerability (CVE-2025-14847)
Stored Cross-Site Scripting Vulnerability
Argument Injection Vulnerability in CommServe
Vulnerability in Initial Administrator Login Process
Vulnerability in Commvault Command Center Installation
CVE.Org link: CVE-2025-3928 Save as PDF A vulnerability has been identified and remediated in all supported versions of the Commvault software. Webservers can be compromised through bad actors creating and executing webshells. Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credentials.
Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability
DLL Injection Vulnerability in the Software Installation Path
SQL Injection and Command Injection Advisory
Security vulnerability in Windows access nodes that are used for file server data protection
Remote Code Execution Vulnerability in Apache ActiveMQ
CVE.Org link: CVE-2023-4863 Save as PDF
Remote Code Execution Vulnerability in the Spring Framework
Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products
Local Privilege Escalation Vulnerability in Polkit's pkexec Utility
Authentication Bypass Vulnerabilities on CVWebService Endpoint
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate