Vulnerability Disclosure

Infosecurity Magazine Vulnerability Disclosure Apr 16

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability

Infosecurity Magazine →

Recorded Future Vulnerability Disclosure Apr 16

From Bazooka to Fake Nikes

A deep dive into business impersonation fraud — from fake companies cashing stolen checks to AI-powered shopping scams — and why the same vulnerability enabl...

Recorded Future →

Qualys Blog Vulnerability Disclosure Oracle Qualys Apr 15

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways As organizations accelerate cloud adoption, security teams are under increasing pressure to gain unified visibility, prioritize risk effectivel...

Qualys Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlyin...

T1190

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local att...

T1059 T1548

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with adm...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary fil...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To expl...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and...

2 IOCs

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site...

T1598

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Apr 15

AI Companies to Play Bigger Role in CVE Program, Says CISA

At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future

Infosecurity Magazine →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to...

T1190 T1059

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit thi...

T1190

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit th...

T1190

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Apr 15

ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ab...

T1548 T1068

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Docker Apr 15

ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to es...

T1548

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Docker Apr 15

ZDI-26-260: (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to es...

T1548

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Docker Apr 15

ZDI-26-259: (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the a...

T1548 T1068

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Docker Apr 15

ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the a...

T1548 T1068

Zero Day Initiative →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 13

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with ...

T1190

Wordfence Blog →