New!!! Try out our free CVE + CVSS scores database and stay up to date with CVE threats.

Seamless Protection Against Software Vulnerabilities

Better protect against software vulnerabilities in your Operating Systems

0%
of cyber attacks result from Software Vulnerabilities

TOPIA

Efficiently Reduce Organizational Security Risk

With hundreds of new software and OS vulnerabilities detected each month, productive use of your patching time is essential. Reducing organizational security risk can be strenuous, but with TOPIA’s vulnerability assessment toolbox, you get smart prioritization and safe remediation—with or without a security patch. TOPIA allows security teams to apply a consistent, comprehensive, and clear approach to identifying and resolving security threats and risks.

All-in-one
Vulnerability Assessment

A single agent that analyzes, prioritizes, and remediates cyber threats before they're exploited. TOPIA is a unified, cloud-based, cost-effective vulnerability assessment tool. TOPIA actively identifies risks and eliminates threats using proprietary xTags™ and Patchless Protection™ that go beyond traditional vulnerability management.

#Solution
TOPIA Solution

Asset Inventory

Accurate knowledge is key for effective cybersecurity, so take control of your organization’s digital footprint with TOPIA. Get an exhaustive cloud-based, adaptive catalog of active servers, workstations, installed applications, and operating systems. Know what’s going on with real-time asset activity analysis for on-premise and cloud environments. Managing assets at any scale couldn’t be easier.

Prioritization and Threat Analysis

Focus on vulnerabilities that have a real probability of being exploited instead of solving problems that don’t exist. TOPIA prioritizes software vulnerabilities using CVSS base metrics and an AI-based contextual usage risk-scoring engine. Get comprehensive coverage of your digital environment’s security status with a contextual and personalized threat analysis.

Patch Management

Efficiently reduce organizational security risk with TOPIA’s integrated patch deployment tools. TOPIA allows you to quickly test and install patches across your organization’s assets while maintaining transparency between departments. Take active steps toward remediation with tools leveraged by IT and security teams to assess and improve your threat mitigation and prevention processes.

Patchless Protection

TOPIA's Patchless Protection™ deploys a force field around your most vulnerable assets using in-memory protection. TOPIA ensures your assets are always protected, even when a patch has not yet been prepared, tested, or deployed.

TOPIA
Unified Vulnerability Management

TOPIA continuously analyzes vulnerabilities, prioritizes threats, and protects vulnerable assets in real-time so your team can focus on getting more done.

01
# Analyze
  • App & OS Auto Recognition
  • App Real-time Threat Analysis
  • Asset Real-time Threat Analysis
02
# Prioritize
  • Auto Prioritization Engine
  • Asset Risk Analysis
  • xTags™
  • 0-Day Analysis
03
# Act
  • Recommended Action Engine
  • Real-Time Security Patch Management
  • Patchless Protection™
Trusted by
  • Oshri Cohen

    CISO

  • Ivo Dimitrov

    CISO

  • Stefania Costa Cirillo

    IT Manager

  • Merge Security & IT to Remediate Threats

    Vicarius’s TOPIA enabled Adama to centralize and consolidate work between IT and security teams, leading to a more efficient patching workflow.

  • Close Patching Windows to Reduce Exposure

    Vicarius's advanced technology was able to protect us during the most vulnerable moment in our patching cycle. TOPIA kept VIP Security safe between patching windows with its proprietary Patchless Protection™ technology.

  • Straightforward and Easy

    Vicarius's proactive solution was able to predict threats across our organization faster and better than any other solution. TOPIA's cloud-based environment provided Telit with immediate feedback on their remediation efforts, critical for the new work-from-home (WFH) paradigm.

Join Live Demo

Monday at 12:00 PM UTC+00:00

Join our weekly webinar where we discuss topics related to cybersecurity and vulnerability management.

#Research Center

Recent CVEs and CVSS Scores

CVE-2020-7780

6.3
CVSS
a day ago

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.

CVE-2020-7778

7.3
CVSS
2 days ago

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CVE-2020-7779

5.3
CVSS
2 days ago

All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

CVE-2020-29070

4.8
CVSS
3 days ago

osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.

CVE-2020-29062

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.

CVE-2020-29061

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.

CVE-2020-29060

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.

CVE-2020-29059

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.

CVE-2020-29058

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.

CVE-2020-29056

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.

CVE-2020-29054

9.8
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.

CVE-2020-29063

7.5
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value.

CVE-2020-29057

7.5
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack.

CVE-2020-29055

5.9
CVSS
4 days ago

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

CVE-2020-29053

6.1
CVSS
4 days ago

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

CVE-2020-25475

9.8
CVSS
4 days ago

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

CVE-2020-25472

6.5
CVSS
4 days ago

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

CVE-2020-25474

6.1
CVSS
4 days ago

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

CVE-2018-16723

7.8
CVSS
5 days ago

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.

CVE-2018-16722

7.8
CVSS
5 days ago

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

CVE-2018-16721

7.8
CVSS
5 days ago

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

CVE-2018-16720

7.8
CVSS
5 days ago

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.

CVE-2018-16719

7.8
CVSS
5 days ago

In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.

CVE-2019-14586

8
CVSS
5 days ago

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

CVE-2019-14575

7.8
CVSS
5 days ago

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

Don't Wait Until It's Too Late

Powerfully protect your OS and third-party applications starting today.