PT-2025-28785 · Adobe · FrameMaker
Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker versions 2020.8, 2022.6 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
PT-2025-28476 · Ivanti · Ivanti Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8 Ivanti Policy Secure versions prior to 22.7R1.5 Description: The issue is related to improper access control in the certificate management component. This allows a remote authenticated admin wi...
PT-2025-28753 · Adobe · ColdFusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier Description: The issue is related to an Improper Access Control vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerabili...
PT-2025-28233 · Splunk · Splunk Enterprise +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.3 Splunk Enterprise versions prior to 9.3.5 Splunk Enterprise versions prior to 9.2.7 Splunk Enterprise versions prior to 9.1.10 Splunk Cloud Platform versions prior to 9.3.2411.104 Splunk Cloud Platfor...
PT-2025-28232 · Splunk · Splunk Enterprise +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.3 Splunk Enterprise versions prior to 9.3.5 Splunk Enterprise versions prior to 9.2.7 Splunk Enterprise versions prior to 9.1.10 Splunk Cloud Platform versions prior to 9.3.2411.104 Splunk Cloud Platfor...
RHBA-2025:9433 Red Hat Bug Fix Advisory: microcode_ctl bug fix and enhancement update
Bulletin has no description...
Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
Cisco Spaces Connector Privilege Escalation Vulnerability
A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...
Cisco Unified Communications Manager Static SSH Credentials Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that...
CGA-H9JP-5C73-PXM8
Bulletin has no description...
Cisco Meraki 14 / 15 / 16 < 16.16 DoS (cisco-sa-snort-dos-9D3hJLuj)
The version of the remote Cisco Meraki device is version 14, 15, or 16 prior to 16.16. It is, therefore, potentially affected by a denial of service vulnerability as referenced in the cisco-sa-snort-dos-9D3hJLuj advisory: - A vulnerability in the Modbus preprocessor of the Snort detection engine...
Cisco Meraki 16.2 < 16.16.6 / 17.x < 17.10.1 DoS (cisco-sa-meraki-mx-vpn-dos-vnESbgBf)
The version of the remote Cisco Meraki device is 16.2 prior to 16.16.6 or 17.x prior to 17.10.1. It is, therefore, potentially affected by a denial of service vulnerability as referenced in the cisco-sa-meraki-mx-vpn-dos-vnESbgBf advisory: - A vulnerability in the Cisco AnyConnect VPN server of...
PT-2025-27837
Name of the Vulnerable Software and Affected Versions: DjVuLibre versions prior to 3.5.29 djvulibre versions prior to 3.5.28-2.1deb12u1 mingw-djvulibre version 3.5.29 djview versions prior to 3.5.28-2ubuntu0.25.04.1 djview3 versions prior to 3.5.28-2ubuntu0.25.04.1 djvulibre-bin versions prior to...
CGA-848V-PJMJ-C36P
Bulletin has no description...
PT-2025-27281 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.2.4 Fix Pack 5 IBM Cognos Analytics versions 12.0.0 through 12.0.4 Description: This issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially leading to...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in IBM WebSphere Application Server Versions 8.5 and 9.0. The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...
CVE-2025-5832
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this...
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. For more information about these vulnerabilities, see the Details...
Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms fo...
CGA-75RH-2Q2Q-WM52
Bulletin has no description...