4190 matches found
Vulnerabilities in MongoDB Server
MongoDB has identified several vulnerabilities in the MongoDB Server. These vulnerabilities concern various components of the MongoDB Server. One vulnerability in the logging mechanism can cause entire authentication data, including sensitive credentials, to be recorded in server logs without...
Vulnerability handling functions in cPanel and WHM
cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...
Vulnerabilities are managed in Oracle Enterprise Manager
Oracle has identified vulnerabilities in Enterprise Manager Base Platform 13.5, 24.1. These vulnerabilities enable unauthorized attackers to gain unauthorized access, or they can lead to a denial-of-service attack via HTTP. Oracle has released updates for Enterprise Manager Base Platform to addre...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...
Vulnerabilities fixed in Synology SSL VPN Client
Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...
Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights
Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...
Vulnerabilities fixed in Fortinet FortiWeb
Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...
Vulnerability fixed in BIND 9
ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions 21.0, 19.5.5 and earlier. The vulnerabilities include an improperly initialized pointer that leads to arbitrary code execution, a heap-based buffer overflow that also enables arbitrary code execution without further use...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Trend Micro Apex Central. The vulnerabilities are in the way Trend Micro Apex Central handles certain input. An attacker can cause a denial-of-service DoS without authentication by using an unverified NULL return value. In addition, malicious actors can ga...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...
Vulnerability fixed in GeoServer
OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...
Vulnerability fixed in Barracuda Service Center
Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU4 SR1. The vulnerabilities are located in several components of Ivanti Endpoint Manager. The first vulnerability involves a stored XSS vulnerability that allows unauthenticated attackers to execute...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...
Vulnerabilities fixed in SonicWall Email Security appliances
SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities are in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute uncontrolled code or gain...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery SSRF. This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...
Vulnerabilities fixed in Zoom Workplace and Zoom Clients
Zoom has fixed vulnerabilities in Zoom Workplace and Zoom Clients Specifically for versions prior to 6.5.10. The vulnerabilities include improper validation of certificates, cross-site scripting, and improper handling of sensitive information, which can lead to unauthorized access and information...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerability fixed in CFMOTO Ride vehicle data management systems
CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...
Vulnerabilities fixed in Moxa's network security devices
Moxa has fixed vulnerabilities in their network security devices. The vulnerabilities in Moxa's network security devices include improper authorization that allows unauthorized access to protected API endpoints, as well as an issue with access control mechanisms that can lead to privilege...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...
Vulnerabilities fixed in Juniper Networks Junos Space
Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...
Vulnerabilities fixed in VMware NSX
VMware fixed vulnerabilities in VMware NSX The vulnerabilities in VMware NSX include a weak password recovery mechanism that allows unauthenticated attackers to enumerate valid usernames, which can result in potential brute-force attacks on login credentials. Additionally, there is a username...
Vulnerabilities fixed in Spring Framework
VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...
Vulnerabilities fixed in Omnissa Workspace ONE UEM
Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in the ColdFusion platform, including versions 2025.3, 2023.15, 2021.21 and earlier. The vulnerability is in the way the ColdFusion platform allows path traversal. The vulnerability can be exploited by attackers to execute arbitrary code on affected systems. This c...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. The most serious vulnerability is in the High-Performance Compute Pack HPC and allows an unauthenticated malicious pers...
Vulnerabilities fixed in N-able N-Central
N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allows authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSL VPN interface handles externally controlled formatting strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...
Vulnerabilities fixed in Salesforce Tableau Server
Salesforce has fixed vulnerabilities in Salesforce Tableau Server Specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerability with reference CVE-2025-5777 involves an Out-of-Bounds Read. This vulnerability arises from insufficient input validation in systems configured as Gateway services. These include VPN virtual servers, ICA...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.6, 29.5.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...
Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z
Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...
Vulnerabilities fixed in HPE StoreOnce Software
HPE has fixed vulnerabilities in HPE StoreOnce Software. The vulnerabilities include command injection and remote code execution, which can lead to unauthorized access and control of affected systems. In addition, there are vulnerabilities for authentication bypass, directory traversal and...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...
Vulnerability fixed in FortiVoice
Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...
Vulnerability fixed in Adobe Illustrator
Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...