Top 4 vulnerabilities
Windows CryptoAPI Spoofing Vulnerability.
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
We collect tweets related to vulnerabilities, then process them to create rankings and graphs.
The CVSS score is a good measure of a vulnerability's severity, but popularity should also be considered a good barometer: when a vulnerability becomes very popular, it is very likely to see more attacks.