Vulnerabilities found in Microsoft Windows

Microsoft has published measures to address a vulnerability in Windows operating systems that could allow malicious individuals to access data encrypted via BitLocker. The vulnerability involves bypassing a security feature in Windows, known as “YellowKey”. A proof of concept is available that...

AMD Manageability Tools Vulnerabilities

AMD ID: AMD-SB-9015 Potential Impact: Arbitrary Code execution Severity: High Summary Vulnerabilities were reported in various AMD Manageability Tools. AMD has provided mitigations for these issues. Please refer to Affected Products and Mitigations below...

SUSE CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVE-2025-3910

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. Mitigation No current mitigations are available for this vulnerability...

Vulnerability discovered in Palo Alto PAN-OS

Palo Alto has discovered a vulnerability in PAN-OS. A unauthenticated malicious person can exploit the vulnerability to execute arbitrary code on the vulnerable system with root privileges. The vulnerability is found only in PAN-OS versions 10.2, 11.0 and 11.1, if both the GlobalProtect Gateway a...

Vulnerability fixed in Splunk

A vulnerability has been fixed in Splunk. A malicious person with prior authentication and rights to upload XSLT files, could exploit the vulnerability to execute arbitrary code via the upload of an XSLT file to execute arbitrary code with permissions from the application. Because it is not...

Vulnerability found in Mitel MiVoice Connect

A vulnerability has been found in the Service Appliance component of MiVoice Connect. This vulnerability allows a remote malicious remote user to execute arbitrary code with the permissions with which the Service Appliance component is running. Mitel has made mitigating measures available to fix...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User...

Vulnerability fixed in Micro Focus Operations Agent

A vulnerability has been fixed in Micro Focus Operational Agent. The vulnerability allows a local malicious agent to access gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...

Vulnerabilities fixed in Siemens SCALANCE

Siemens has fixed vulnerabilities in Siemens SCALANCE products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. Siemens is still working on fixes for several SCALANCE products that are vulnerable. For when updates are not yet...

Apache Tomcat vulnerability discovered in BIG-IP

F5 has discovered a vulnerability in BIG-IP. The vulnerability is located in the Tomcat component and gives opportunity for HTTP request smuggling. A malicious party can modify an HTTP request of another user. This can lead to many types of consequential damage. F5 has not yet released updates to...

Vulnerability fixed in Schneider Electric Modicon

A vulnerability has been found in the firmware of Schneider Electric Modicon X80 devices. A malicious party can exploit the exploit the vulnerability to obtain configuration data from the device. To do this, a malicious person must make a rogue request towards the web server of the system. It is...

Vulnerabilities fixed in Siemens Scalance

Siemens has fixed several vulnerabilities in Scalance products. The vulnerabilities allow an unauthenticated remote malicious person may be able to launch attacks leading to the following categories of damage: Denial-of-Service DoS DNS cache poisoning Remote code execution possibly under elevated...

CVE-2018-4848

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.3, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS...