2026-03-18: [CVE-2026-20963] Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

#cisakev

NVD - CVE-2026-20963

2026-03-18: [CVE-2025-66376] Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

#cisakev

NVD - CVE-2025-66376

2026-03-16: [CVE-2025-47813] Wing FTP Server Information Disclosure Vulnerability

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.

#cisakev

NVD - CVE-2025-47813

2026-03-13: [CVE-2026-3910] Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

#cisakev

NVD - CVE-2026-3910

2026-03-13: [CVE-2026-3909] Google Skia Out-of-Bounds Write Vulnerability

Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

#cisakev

NVD - CVE-2026-3909

2026-03-11: [CVE-2025-68613] n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.

#cisakev

NVD - CVE-2025-68613

2026-03-09: [CVE-2021-22054] Omnissa Workspace ONE Server-Side Request Forgery

Omnissa Workspace ONE UEM, formerly known as VMware Workspace ONE UEM, contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

#cisakev

NVD - CVE-2021-22054

2026-03-09: [CVE-2025-26399] SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.

#cisakev

NVD - CVE-2025-26399

2026-03-09: [CVE-2026-1603] Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

#cisakev

NVD - CVE-2026-1603

2026-03-05: [CVE-2017-7921] Hikvision Multiple Products Improper Authentication Vulnerability

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

#cisakev

NVD - CVE-2017-7921