2258 matches found
Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera
Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060
CVE-2025-9060 pertains to MSoft MFlash, where insufficient validation of parameters in the integration configuration functionality (accessible to administrators) can lead to arbitrary code execution on the server. Affects MFlash v8.0 (and possibly other versions). Reported remediation is to apply...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of...
PT-2025-33502 · Msoft · Msoft Mflash
Name of the Vulnerable Software and Affected Versions: MSoft MFlash version 8.0 Description: A vulnerability has been found in MSoft MFlash that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality, which is only available to...
Malicious code in parse-server-hotfix (npm)
The package parse-server-hotfix was found to contain malicious code...
MAL-2025-28879 Malicious code in parse-server-hotfix (npm)
The package parse-server-hotfix was found to contain malicious code...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
Update 08/12/2025: CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker. Update 08/07/2025: CISA issued Emergency Directive ED 25-02: Mitigate Microsoft...
Hotfix update for Exchange Server 2016 CU23: April 18, 2025 (KB5050674)
Hotfix update for Exchange Server 2016 CU23: April 18, 2025 KB5050674 Hotfix update for Microsoft Exchange Server 2016 CU23 was released on April 18, 2025. It includes fixes for non-security issues and introduces new features. Note: This update also includes all the updates that were...
Hotfix update for Exchange Server 2019 CU15: April 18, 2025 (KB5050672)
Hotfix update for Exchange Server 2019 CU15: April 18, 2025 KB5050672 Hotfix update for Microsoft Exchange Server 2019 CU15 was released on April 18, 2025. It includes fixes for non-security issues and introduces new features. These fixes and features will also be included in later cumulative...
Security Updates for Microsoft Exchange Server (August 2025)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the August, 2025 security bulletin. - Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an...
Sophos XG Firewall <= 17.5.12 RCE
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. Note that Nessus has not tested for this issue but has instead relied only on the...
Citrix Workspace app for Windows Security Bulletin CVE-2025-4879
Severity - High Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspace app for Windows...
PT-2025-25755 · Fortra · Ca Privileged Access Manager
Name of the Vulnerable Software and Affected Versions: Fortra's Core Privileged Access Manager BoKS versions 7.2.0 through 7.2.0.17 Fortra's Core Privileged Access Manager BoKS versions 8.1.0 through 8.1.0.22 Fortra's Core Privileged Access Manager BoKS versions 8.1.1 through 8.1.1.7 Fortra's Cor...
Hotfix update for Exchange Server 2019 CU14 HU5: May 29, 2025 (KB5057652)
Hotfix update for Exchange Server 2019 CU14 HU5: May 29, 2025 KB5057652 Hotfix update for Microsoft Exchange Server 2019 CU14 HU5 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative...
Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 (KB5057651)
Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 KB5057651 Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative...
CVE-2025-4379
DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...
CVE-2025-4379
DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...