4179 matches found

NCSC
added 7 hours ago | 2 views

The vulnerabilities in libssh2 are addressed through libssh.

LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSH_MSG_EXT_INFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...

CVSS 9.2 | AI score 6.2 | EPSS 0.00552
Exploits: 0 | References: 2
NCSC
added 7 hours ago | 4 views

Vulnerabilities in MongoDB Server

MongoDB has identified several vulnerabilities in the MongoDB Server. These vulnerabilities concern various components of the MongoDB Server. One vulnerability in the logging mechanism can cause entire authentication data, including sensitive credentials, to be recorded in server logs without...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 14
NCSC
added 4 days ago | 26 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

CVSS 9.8 | AI score 6.9 | EPSS 0.10035
Exploits: 2 | References: 9
NCSC
added 4 days ago | 8 views

Vulnerabilities in Cisco Identity Services Engine

Cisco has addressed several vulnerabilities in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC. These vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative privileges can send special...

CVSS 9.1 | AI score 6.2 | EPSS 0.00572
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

CVSS 10 | AI score 5.9 | EPSS 0.00552
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities in Oracle JD Edwards EnterpriseOne

Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...

CVSS 9.9 | AI score 5.5 | EPSS 0.00473
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities present in Oracle MySQL products

Oracle has identified vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. These vulnerabilities exist in various Oracle MySQL products and versions. In MySQL Shell for VS Code versions 2026.2.0+9.6.1, attackers with low privileges and network acce...

CVSS 9.9 | AI score 5.5 | EPSS 0.00508
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities in Oracle PeopleSoft Enterprise

Oracle has identified vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 and PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38. The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow...

CVSS 9.8 | AI score 6 | EPSS 0.00537
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

CVSS 7.5 | AI score 5.5 | EPSS 0.00169
Exploits: 0 | References: 1
NCSC
added 6 days ago | 5 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

CVSS 9.9 | AI score 5.4 | EPSS 0.00555
Exploits: 0 | References: 1
NCSC
added 6 days ago | 5 views

Vulnerabilities in Oracle E-Business Suite products

Oracle has identified vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost...

CVSS 9.9 | AI score 5.5 | EPSS 0.00483
Exploits: 0 | References: 1
NCSC
added 6 days ago | 7 views

Vulnerabilities found in Oracle Communications

Oracle has uncovered vulnerabilities in Oracle Communications. The vulnerabilities reside in two underlying products: SQLite and Log4j. These vulnerabilities were previously exploited by the developers of these products. Oracle has incorporated these updates into its own software. In SQLite, a...

CVSS 7.5 | AI score 5.5 | EPSS 0.00555
Exploits: 1 | References: 1
NCSC
added 2026/06/16 1:30 p.m. | 4 views

Vulnerability fixed in Cisco Catalyst SD-WAN Manager

Cisco has identified a vulnerability in the Cisco Catalyst SD-WAN Manager. This vulnerability resides in the web user interface of the Cisco Catalyst SD-WAN Manager and involves a directory traversal flaw. This flaw is caused by improper input validation during the file upload process. An...

CVSS 6.5 | AI score 6 | EPSS 0.01145
Exploits: 2 | References: 1
NCSC
added 2026/06/16 1:13 p.m. | 11 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

CVSS 9.3 | AI score 6 | EPSS 0.41152
Exploits: 5 | References: 3
NCSC
added 2026/06/12 7:45 a.m. | 8 views

Vulnerabilities hidden in Fortinet FortiPortal

Fortinet identified a vulnerability in FortiPortal versions 7.0 through 7.4.7. The vulnerability relates to the FortiPortal API endpoints, where an external attacker with organizational user privileges could access sensitive network configuration data through specially crafted HTTP requests. Thes...

CVSS 6.5 | AI score 5.4 | EPSS 0.00201
Exploits: 0 | References: 1
NCSC
added 2026/06/12 7:39 a.m. | 8 views

Vulnerabilities managed in GitLab Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition versions, ranging from 12.0 to 19.0.2, including important releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities affect various components of GitLab CE & EE. Authorized users...

CVSS 8.7 | AI score 5.9 | EPSS 0.00635
Exploits: 0 | References: 1
NCSC
added 2026/06/12 7:25 a.m. | 8 views

Vulnerability handling in Oracle PeopleSoft Enterprise PeopleTools

Oracle has identified a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. This vulnerability allows unauthorized attackers to exploit the system via HTTP remotely. This can lead to remote code execution, which may result in the complete takeover of the system. The...

CVSS 9.8 | AI score 6.1 | EPSS 0.07511
Exploits: 2 | References: 2
NCSC
added 2026/06/11 11:11 a.m. | 15 views

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

CVSS 10 | AI score 6 | EPSS 0.59524
Exploits: 4 | References: 1
NCSC
added 2026/06/11 8:25 a.m. | 11 views

Vulnerabilities in Adobe InDesign Desktop Applications

Adobe has identified several vulnerabilities in Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier versions. These vulnerabilities lie in the way Adobe InDesign Desktop processes malicious files. There are stack-based and heap-based buffer overflow vulnerabilities that can lead to memory...

CVSS 7.8 | AI score 6.5 | EPSS 0.00175
Exploits: 0 | References: 1
NCSC
added 2026/06/11 8:21 a.m. | 8 views

Vulnerabilities present in Adobe Dreamweaver Desktop

Adobe has identified several vulnerabilities in Adobe Dreamweaver Desktop versions 21.7 and earlier. These vulnerabilities can be exploited by users who open specially crafted malicious files within the application. The vulnerabilities include executing arbitrary code by opening malicious files,...

CVSS 8.6 | AI score 5.9 | EPSS 0.00195
Exploits: 0 | References: 1
NCSC
added 2026/06/11 8:18 a.m. | 10 views

Vulnerabilities present in Adobe Acrobat Reader

Adobe has identified vulnerabilities in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651, and earlier versions. These vulnerabilities include an out-of-bounds write vulnerability and multiple Use After Free errors. These errors occur when processing certain malformed or maliciously...

CVSS 7.8 | AI score 7.6 | EPSS 0.00266
Exploits: 0 | References: 1
NCSC
added 2026/06/11 8:15 a.m. | 12 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 2023.19, 2025.8, and earlier versions. These vulnerabilities include improper input validation, which allows arbitrary code to be executed without user interaction. There is also a path traversal vulnerability that enables...

CVSS 10 | AI score 6.3 | EPSS 0.08871
Exploits: 0 | References: 1
NCSC
added 2026/06/11 8:12 a.m. | 9 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified several vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities include an OS command injection vulnerability, where a remote attacker can execute arbitrary operating system commands with root privileges. Additionally, there is a vulnerability due to incorre...

CVSS 7.2 | AI score 6.7 | EPSS 0.20188
Exploits: 0 | References: 1
NCSC
added 2026/06/11 8:6 a.m. | 9 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox versions 4.2 through 5.0.5, including FortiSandbox Cloud and FortiSandbox PaaS. The vulnerability involves OS command injection in FortiSandbox's web interface. As a result, unauthorized attackers can execute arbitrary OS commands by...

CVSS 9.8 | AI score 6.3 | EPSS 0.0266
Exploits: 0 | References: 1
NCSC
added 2026/06/10 12:2 p.m. | 8 views

Veeam Backup & Replication’s vulnerability handling capabilities

Veeam has identified a vulnerability in Backup & Replication. This vulnerability allows an authenticated domain user to execute remote code on the Backup Server. As a result, an attacker with domain credentials can exploit this vulnerability to gain control over backup operations. This is a...

CVSS 9.4 | AI score 8.5 | EPSS 0.00887
Exploits: 0 | References: 1
NCSC
added 2026/06/09 6:45 p.m. | 9 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various products, including SCALANCE, SIMATIC, SINAMICS, SIPROTEC, and TIA Portal. These vulnerabilities pose a threat to malicious actors, who could exploit them to cause the following types of damage: - Denial-of-Service DoS attacks - Data manipulation ...

CVSS 9.8 | AI score 7.3 | EPSS 0.48666
Exploits: 7 | References: 5
NCSC
added 2026/06/09 6:40 p.m. | 8 views

Flaws hidden in Microsoft Dynamics

Microsoft has identified a vulnerability in Dynamics on-premise. A malicious individual could exploit this vulnerability to gain increased privileges on the system. It is possible for a malicious person to gain privileges as a System Administrator. For successful exploitation, the malicious...

CVSS 8.8 | AI score 5.5 | EPSS 0.00506
Exploits: 0
NCSC
added 2026/06/09 6:35 p.m. | 7 views

Vulnerabilities in Microsoft Exchange

Microsoft has patched vulnerabilities in Exchange, both on-premise and online versions. A malicious individual could exploit these vulnerabilities to impersonate other users and access sensitive data. Additionally, a malicious actor could execute arbitrary code. The most severe vulnerability...

CVSS 9.1 | AI score 5.8 | EPSS 0.00571
Exploits: 0
NCSC
added 2026/06/09 6:23 p.m. | 11 views

Vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

CVSS 9.6 | AI score 5.7 | EPSS 0.0075
Exploits: 0
NCSC
added 2026/06/09 6:15 p.m. | 6 views

Vulnerabilities in Microsoft Azure

Microsoft has addressed vulnerabilities in various Azure components. Malicious actors could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, or potentially access sensitive data. The most severe vulnerability was found in HorizonDB and ha...

CVSS 10 | AI score 5.7 | EPSS 0.00728
Exploits: 0
NCSC
added 2026/06/09 6:4 p.m. | 6 views

Vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products such as Sharepoint, Word, Project, and Excel. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. For successful exploitation, th...

CVSS 8.8 | AI score 7.3 | EPSS 0.01489
Exploits: 0
NCSC
added 2026/06/09 5:44 p.m. | 10 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

CVSS 9.8 | AI score 6.1 | EPSS 0.04297
Exploits: 2
NCSC
added 2026/06/08 8:31 a.m. | 19 views

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

CVSS 9.8 | AI score 6.1 | EPSS 0.00529
Exploits: 0 | References: 1
NCSC
added 2026/06/08 8:23 a.m. | 11 views

Vulnerabilities in IBM WebSphere Application Server and WebSphere Liberty

IBM has identified vulnerabilities in WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. These vulnerabilities reside in the Web Server Plug-ins, which are part of the request handling processes of these products. The first vulnerability relates to HTTP request smuggling,...

CVSS 9.8 | AI score 6.3 | EPSS 0.00478
Exploits: 0 | References: 5
NCSC
added 2026/06/05 9:38 a.m. | 9 views

Vulnerability fixed in Cisco SD-WAN Manager

Cisco has identified a vulnerability in SD-WAN Manager, previously known as SD-WAN vManage. A malicious individual could exploit this vulnerability by uploading a specially crafted file to the affected system and thereby elevating their privileges to root user status. Cisco indicates that active...

CVSS 7.8 | AI score 5.5 | EPSS 0.00952
Exploits: 2 | References: 1
NCSC
added 2026/06/05 8:34 a.m. | 11 views

The vulnerability was exploited in SolarWinds Serv-U.

SolarWinds has identified a vulnerability in Serv-U. A malicious individual could exploit this vulnerability to cause a Denial-of-Service attack by sending a specially crafted POST message. SolarWinds has released a hotfix and published mitigation measures to address this vulnerability and preven...

CVSS 7.5 | AI score 5.5 | EPSS 0.01054
Exploits: 2 | References: 2
NCSC
added 2026/06/04 11:34 a.m. | 9 views

Lack of transparency in Cisco Unified Communications Manager

Cisco has identified a vulnerability in Unified Communications Manager CM and Unified Communications Manager Session Management Edition CM SME. A malicious individual could exploit this vulnerability to carry out a Server-Side Request Forgery SSRF attack. Successful exploitation could result in t...

CVSS 8.6 | AI score 5.8 | EPSS 0.00566
Exploits: 1 | References: 1
NCSC
added 2026/06/02 11:33 a.m. | 13 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

CVSS 9.8 | AI score 7.3 | EPSS 0.43788
Exploits: 39
NCSC
added 2026/06/02 8:0 a.m. | 21 views

Vulnerabilities found in Google Android and Samsung Mobile devices

Google has hidden vulnerabilities in Android. Samsung has also hidden vulnerabilities related to Samsung mobile devices in Samsung Mobile. A malicious actor could exploit these vulnerabilities to cause a denial-of-service attack, gain elevated privileges, access sensitive data, or execute arbitra...

CVSS 8.8 | AI score 6.6 | EPSS 0.00265
Exploits: 6 | References: 2
NCSC
added 2026/05/30 10:52 a.m. | 14 views

Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

CVSS 9.1 | AI score 6.1 | EPSS 0.18583
Exploits: 9 | References: 2
NCSC
added 2026/05/29 7:8 p.m. | 11 views

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

CVSS 6.5 | AI score 5.8 | EPSS 0.01002
Exploits: 2 | References: 2
NCSC
added 2026/05/29 12:26 p.m. | 11 views

Vulnerabilities in Oracle E-Business Suite components

Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...

CVSS 9.9 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 1
NCSC
added 2026/05/29 12:20 p.m. | 14 views

Vulnerabilities in Oracle Database Server

Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...

CVSS 10 | AI score 5.9 | EPSS 0.00375
Exploits: 2 | References: 1
NCSC
added 2026/05/28 6:49 a.m. | 22 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

CVSS 8.2 | AI score 5.7 | EPSS 0.00376
Exploits: 0 | References: 1
NCSC
added 2026/05/26 7:50 a.m. | 31 views

Vulnerability fixed in Cisco Secure Workload

Cisco has identified a vulnerability in Cisco Secure Workload. This vulnerability resides within the internal REST APIs of Cisco Secure Workload. Unauthorized malicious actors with access to the internal infrastructure can obtain Site Admin privileges through inadequate validation and...

CVSS 10 | AI score 5.9 | EPSS 0.00895
Exploits: 1 | References: 1
NCSC
added 2026/05/21 7:55 a.m. | 11 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

CVSS 9.8 | AI score 6.2 | EPSS 0.33665
Exploits: 12 | References: 1
NCSC
added 2026/05/20 6:21 a.m. | 36 views

Vulnerabilities found in Microsoft Windows

Microsoft has published measures to address a vulnerability in Windows operating systems that could allow malicious individuals to access data encrypted via BitLocker. The vulnerability involves bypassing a security feature in Windows, known as “YellowKey”. A proof of concept is available that...

CVSS 6.8 | AI score 6 | EPSS 0.00846
Exploits: 2 | References: 1
NCSC
added 2026/05/18 8:6 a.m. | 32 views

Vulnerability fixed in NGINX ngx_http_rewrite_module

NGINX has identified a vulnerability in the ngx_http_rewrite_module, which is part of both the NGINX Plus and open-source versions of the software. The vulnerability involves a heap buffer overflow in the ngx_http_rewrite_module, which is responsible for URL rewriting functionality. An attacker can...

CVSS 9.2 | AI score 6.5 | EPSS 0.23018
Exploits: 39 | References: 6
NCSC
added 2026/05/15 12:8 p.m. | 11 views

The vulnerability was exploited in Exim.

The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...

CVSS 9.8 | AI score 6.4 | EPSS 0.01225
Exploits: 2 | References: 4
NCSC
added 2026/05/15 12:7 p.m. | 16 views

Vulnerabilities found in F5 BIG-IP and BIG-IQ products

F5 has identified several vulnerabilities in the BIG-IP and BIG-IQ products, including components such as iControl REST, iControl SOAP, TMOS Shell, Traffic Management Microkernel TMM, Configuration Utility, Advanced WAF, ASM, PEM, DNS, Access Policy Manager APM, and SSL Orchestrator. The...

CVSS 9.1 | AI score 6.1 | EPSS 0.00886
Exploits: 0 | References: 41
Total number of security vulnerabilities: 4179