Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000007
[CVE-2026-22719] Broadcom VMware Aria Operations Command Injection Vulnerability (CVSS v3.1: 8.1)
[Ransomware Exploitation: Unknown] Broadcom VMware Aria Operations contains a command injection vulnerability. An unauthenticated attacker could exploit this vulnerability to execute arbitrary commands, which could lead to remote code execution when supporting assistive product migration.
[CVE-2026-21385] Qualcomm Multiple Chipsets Memory Corruption Vulnerability (CVSS v3.1: 7.8)
[Ransomware Exploitation: Unknown] Multiple Qualcomm chipsets contain a memory corruption vulnerability during memory allocation alignment.
[CVE-2017-7921] Hikvision Multiple Products Improper Authentication Vulnerability (CVSS v3.1: 9.8)
[Ransomware Exploitation: Unknown] Multiple Hikvision products contain an improper authentication vulnerability. A malicious user could exploit this to escalate system privileges and access sensitive information.
[CVE-2021-22681] Rockwell Multiple Products Insufficient Protected Credentials Vulnerability (CVSS v3.1: 9.8)
[Ransomware Exploitation: Unknown] Multiple Rockwell products contain an insufficient protected credentials vulnerability. A key in the Studio 5000 Logix Designer software could be discovered, which is used to authenticate communications between Logix controllers and Rockwell Automation design software. If successfully exploited, an unauthorized application could connect to a Logix controller.
[CVE-2023-43000] Apple Multiple products Use-After-Free Vulnerability (CVSS v3.1: 8.8)
[Ransomware Exploitation: Unknown] Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability. When the system processes maliciously crafted web content, it may lead to memory corruption.
[CVE-2021-30952] Apple Multiple Products Integer Overflow or Wraparound Vulnerability (CVSS v3.1: 8.8)
[Ransomware Exploitation: Unknown] Apple tvOS, macOS, Safari, iPadOS, and watchOS contain an integer overflow or wraparound vulnerability. When the system processes maliciously crafted web content, it may lead to arbitrary code execution.
[CVE-2023-41974] Apple iOS and iPadOS Use-After-Free Vulnerability (CVSS v3.1: 7.8)
[Ransomware Exploitation: Unknown] Apple iOS and iPadOS contain a use-after-free vulnerability. An application could exploit this to execute arbitrary code with kernel privileges.