VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Ivanti releases standard security patches on the second Tuesday of every month. In today’s rapidly evolving technology and threat landscape, we believe responsible transparency should be a cornerstone of any product security program. AI is compressing the time-to-exploit, and Ivanti uses leading technologies to proactively find and fix issues ––including integrating advanced LLMs into our Engineering and product security to enhance the capabilities of our teams. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) and Ivanti Sentry. It is important for customers to know: We have no evidence of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti solutions.
Windows DNS Client Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2019; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
Microsoft Exchange Server Information Disclosure Vulnerability Affected products named by the advisory: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server Subscription Edition RTM; Microsoft Exchange Server 2019 Cumulative Update 15; Microsoft Exchange Server 2019 Cumulative Update 14.
Microsoft Exchange Server Elevation of Privilege Vulnerability Affected products named by the advisory: Microsoft Exchange Server Subscription Edition RTM; Microsoft Exchange Server 2019 Cumulative Update 15; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 14.
Microsoft Exchange Server Remote Code Execution Vulnerability Affected products named by the advisory: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 14; Microsoft Exchange Server 2019 Cumulative Update 15; Microsoft Exchange Server Subscription Edition RTM.
Windows Bluetooth Service Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016.
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Bluetooth Port Driver Elevation of Privilege Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
Windows Hyper-V Remote Code Execution Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016.
Windows Hyper-V Remote Code Execution Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
Windows Active Directory Domain Services Remote Code Execution Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
UEFI Secure Boot Security Feature Bypass Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Kerberos Key Distribution Center (KDC) Remote Code Execution Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.