Lucene search
K

2258 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 7:56 p.m.10 views

Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera

Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

10CVSS8AI score0.38701EPSS
Exploits9Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/17 5:25 p.m.17 views

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS7.9AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2025/08/15 5:15 p.m.30 views

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS0.00501EPSS
Exploits0References1
CVE
CVE
added 2025/08/15 4:25 p.m.23 views

CVE-2025-9060

CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...

9.1CVSS7.1AI score0.00501EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/15 4:25 p.m.5 views

CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS7.7AI score0.00501EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/15 4:25 p.m.26 views

CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...

9.1CVSS0.00501EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.13 views

PT-2025-33502 · Msoft · Msoft Mflash

Name of the Vulnerable Software and Affected Versions: MSoft MFlash version 8.0 Description: A vulnerability has been found in MSoft MFlash that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality, which is only available to...

9.1CVSS7AI score0.00501EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in parse-server-hotfix (npm)

The package parse-server-hotfix was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-28879 Malicious code in parse-server-hotfix (npm)

The package parse-server-hotfix was found to contain malicious code...

7.2AI score
Exploits0
CISA
CISA
added 2025/08/12 12:0 p.m.70 views

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

Update 08/12/2025: CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker. Update 08/07/2025: CISA issued Emergency Directive ED 25-02: Mitigate Microsoft...

8CVSS7.1AI score0.07448EPSS
In wildExploits0References10
Microsoft KB
Microsoft KB
added 2025/08/12 7:0 a.m.10 views

Hotfix update for Exchange Server 2016 CU23: April 18, 2025 (KB5050674)

Hotfix update for Exchange Server 2016 CU23: April 18, 2025 KB5050674 Hotfix update for Microsoft Exchange Server 2016 CU23 was released on April 18, 2025. It includes fixes for non-security issues and introduces new features.​​​​​​​ Note: This update also includes all the updates that were...

8CVSS7.9AI score0.07448EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2025/08/12 7:0 a.m.18 views

Hotfix update for Exchange Server 2019 CU15: April 18, 2025 (KB5050672)

Hotfix update for Exchange Server 2019 CU15: April 18, 2025 KB5050672 Hotfix update for Microsoft Exchange Server 2019 CU15 was released on April 18, 2025. It includes fixes for non-security issues and introduces new features. These fixes and features will also be included in later cumulative...

8CVSS7.8AI score0.07448EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.7 views

Security Updates for Microsoft Exchange Server (August 2025)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the August, 2025 security bulletin. - Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an...

7.5CVSS5.9AI score0.01267EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/07/16 12:0 a.m.14 views

Sophos XG Firewall <= 17.5.12 RCE

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. Note that Nessus has not tested for this issue but has instead relied only on the...

9.8CVSS9.1AI score0.10674EPSS
Exploits0References2
Citrix
Citrix
added 2025/06/17 11:57 a.m.16 views

Citrix Workspace app for Windows Security Bulletin CVE-2025-4879

Severity - High Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspace app for Windows...

7.8CVSS7.3AI score0.00116EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.13 views

PT-2025-25755 · Fortra · Ca Privileged Access Manager

Name of the Vulnerable Software and Affected Versions: Fortra's Core Privileged Access Manager BoKS versions 7.2.0 through 7.2.0.17 Fortra's Core Privileged Access Manager BoKS versions 8.1.0 through 8.1.0.22 Fortra's Core Privileged Access Manager BoKS versions 8.1.1 through 8.1.1.7 Fortra's Cor...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References5
Microsoft KB
Microsoft KB
added 2025/05/29 12:0 a.m.4 views

Hotfix update for Exchange Server 2019 CU14 HU5: May 29, 2025 (KB5057652)

Hotfix update for Exchange Server 2019 CU14 HU5: May 29, 2025 KB5057652 Hotfix update for Microsoft Exchange Server 2019 CU14 HU5 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative...

6AI score
Exploits0
Microsoft KB
Microsoft KB
added 2025/05/29 12:0 a.m.7 views

Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 (KB5057651)

Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 KB5057651 Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/25 10:16 a.m.22 views

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

5.1CVSS6.4AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 10:15 a.m.16 views

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

5.1CVSS0.00405EPSS
Exploits0References3
Rows per page
Query Builder