EUVD-2019-15108
Malware in sbrugna...
June 10, 2025—KB5060842 (OS Build 26100.4349)
June 10, 2025—KB5060842 OS Build 26100.4349 For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview, see the update history page for Windows 11, version 24H2. Follow @WindowsUpdate to find out when new content is...
June 10, 2025—KB5060533 (OS Builds 19044.5965 and 19045.5965)
June 10, 2025—KB5060533 OS Builds 19044.5965 and 19045.5965 Notice for Surface Hub v1 users DO NOT install this update. Instead, install update KB5063159. For more information, see the Known issues in this update section. --- Important Windows updates do not install Microsoft Store...
December 10, 2024—KB5048652 (OS Builds 19044.5247 and 19045.5247) - EXPIRED
December 10, 2024—KB5048652 OS Builds 19044.5247 and 19045.5247 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --...
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 OS Builds 22621.3737 and 22631.3737 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow @WindowsUpda...
Command Execution Vulnerability in ZOHO ManageEngine ADManager Plus
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78733)
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions are vulnerable to file uploads, which can be exploited by attackers to cause remo...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78729)
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions contain a file upload vulnerability that can be exploited by attackers to cause...
ZOHO ManageEngine ADManager Plus File Upload Vulnerability
ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus has a file upload vulnerability that can be exploited by attackers to cause remote code execution...
Zoho ManageEngine ADManager Plus Remote Code Execution Vulnerability
Zoho ManageEngine ADManager Plus is a Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO, Inc. A security vulnerability exists in Zoho ManageEngine ADManager Plus that could be exploited by attackers to execute remote code...
ZOHO ManageEngine ADManager Plus Cross-Site Scripting Vulnerability (CNVD-2021-60538)
ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO USA. ZOHO ManageEngine ADManager Plus has a security vulnerability, no details of the vulnerability are available...
Arbitrary File Write Vulnerability in Panavision OA E-office
Panmicro OA E-office system is a professional collaborative OA software for small and medium-sized organizations, a leading brand in the field of domestic collaborative OA office, dedicated to providing professional OA office system, mobile OA applications and other collaborative OA overall...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
Almost half of phishing attacks in 2020 aimed to swipe credentials using Microsoft-related lures – from the Office 365 enterprise service lineup to its Teams collaboration platform. According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent...
Information Leakage Vulnerability in Jingyun Network Anti-Virus System of Beijing Tatsun Leader Information Technology Co.
KingCloud Network Antivirus is a private cloud antivirus solution for enterprise-level users. There is an information leakage vulnerability in Jingyun Network Antivirus System of Beijing T&S Leader Information Technology Co., Ltd, which can be exploited by attackers to obtain sensitive user...
Foxit PhantomPDF Cloud Credentials Mishandling Vulnerability
PhantomPDF is PDF document processing software for enterprise-level users from the Chinese company Foxit. A cloud credential mishandling vulnerability exists in Foxit PhantomPDF versions prior to 8.3.10. An attacker could exploit this vulnerability to access documents on Google Drive...
CVE-2019-5533
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
Authorization
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...
Security Advisory 0130
Security Advisory 0130 PDF Date: December 23, 2025 Revision | Date | Changes ---|---|--- 1.0 | October 16, 2019 | Initial release 1.1 | December 23, 2025 | Updated to Arista Format NOTICE: VeloCloud is now an Arista product. Arista Networks has reposted this advisory that was originally posted by...
Quantopian: Stored cross-site scripting in dataset owner.
Hi again. Another XSS this time. Summary: Unescaped chars in 'dataset owner' could be abused to store arbitrary javascript. Description: There is a 'dataset owner' field in new 'custom dataset dashboard' which contains unsanitized output. If attacker would modify his name, like first name '', the...