NAS & Storage News Feed

Security

F5 BIG-IP Unspecified Vulnerability

F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.

CISA Known Exploited Vulnerabilities Mar 27, 2026 CVE

Security

Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.

CISA Known Exploited Vulnerabilities Mar 26, 2026 CVE

Security

Langflow Code Injection Vulnerability

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

CISA Known Exploited Vulnerabilities Mar 25, 2026 CVE

Security

Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

CISA Known Exploited Vulnerabilities Mar 20, 2026 APPLE CVE

Security

Apple Multiple Products Classic Buffer Overflow Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.

CISA Known Exploited Vulnerabilities Mar 20, 2026 APPLE CVE

Security

Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.

CISA Known Exploited Vulnerabilities Mar 20, 2026 APPLE CVE

Security

Laravel Livewire Code Injection Vulnerability

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

CISA Known Exploited Vulnerabilities Mar 20, 2026 CVE

Security

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

CISA Known Exploited Vulnerabilities Mar 20, 2026 CVE

Security

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

CISA Known Exploited Vulnerabilities Mar 19, 2026 CVE

Security

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

CISA Known Exploited Vulnerabilities Mar 18, 2026 CVE

Security

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

CISA Known Exploited Vulnerabilities Mar 18, 2026 CVE

Security

Wing FTP Server Information Disclosure Vulnerability

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

CISA Known Exploited Vulnerabilities Mar 16, 2026 CVE

Get this in your inbox