VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Windows Shell Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
Windows Shell Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025.
Microsoft Windows VMSwitch Denial of Service Vulnerability Affected products named by the advisory: Windows Server 2022; Windows Server 2025.
Windows Telephony Server Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Hyper-V Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Push Notification Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016.
Windows Push Notification Information Disclosure Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025; Windows Server 2016; and 2 more. Affected products named by the advisory: Windows Server 2012 R2.
Windows Network Controller (NC) Host Agent Denial of Service Vulnerability Affected products named by the advisory: Windows Server 2019; Windows Server 2022; Windows Server 2025.
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18.
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20233
A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization enforcement.
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service Affected product named by the advisory: GitLab.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. Affected products named by the advisory: Storage Manager for DSM 7.3; Storage Manager for DSM 7.2.2; Storage Manager for DSM 7.2.1.
Synology has released a security update for the Assistant on Windows to address a vulnerability : CVE-2025-66593 allows local users to write arbitrary files with restricted content. Please refer to the ' Affected product named by the advisory: Synology Assistant.
Synology has released a security update for the Active Backup for Business Agent on Windows to address a vulnerability : CVE-2025-66592 allows local users to write arbitrary files with restricted content. Please refer to the ' Affected product named by the advisory: Synology Active Backup for Business Agent.