4190 matches found
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...
Vulnerability fixed in FortiVoice
Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...
Vulnerability fixed in Adobe Illustrator
Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Versions 2025.1, 2023.13, 2021.19 and earlier. The vulnerabilities are in the way ColdFusion handles input validation and authorization. Highly privileged attackers can execute arbitrary code without user interaction, which can lead to unauthorized...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender for Endpoint and Defender for Identity. A malicious party could exploit the vulnerabilities to impersonate another user and assign themselves elevated privileges, enabling execution of arbitrary code with SYSTEM privileges. For successful...
Vulnerability fixed in Cisco Webex App
Cisco has fixed a vulnerability in the Cisco Webex App. The vulnerability is in the way the Cisco Webex App handles its custom URL parser. Unauthenticated remote malicious actors can exploit this vulnerability to trick users into downloading arbitrary files, which can lead to unauthorized command...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Stack-based Buffer Overflow, Integer Underflow, NULL Pointer Dereference and an out-of-bounds read. These vulnerabilities can lead to...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate versions 24.0.7, 23.0.10 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, a Use After Free and two out-of-bounds read vulnerabilities. These vulnerabilities can lead to arbitrary code execution in the context of the user and...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...
Vulnerability fixed in Microsoft System Center
Microsoft has fixed a vulnerability in System Center. The vulnerability allows a malicious person through an untrusted path within System Center, to elevate local permissions. For successful exploitation, the malicious party must have access to the device to reach the System Center Windows...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability by convincing a victim to open a rogue link. In this way, the sandbox security of the Chrome browser can be bypassed. Combined with a currently unknown vulnerability, this could lead to the execution of...
Vulnerability fixed in Next.js
Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX Specifically for versions 7.2 and 7.3. The vulnerabilities are in the NIM master service and the nimsh service's SSL/TLS protection mechanisms in IBM AIX versions 7.2 and 7.3. These vulnerabilities can be exploited by remote malicious actors to execute...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in Synology DiskStation Manager DSM. The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...
Vulnerability fixed in Elastic Kibana
Elastic has fixed a vulnerability in Kibana. The vulnerability with reference CVE-2025-25015 allows an authenticated remote malicious person to execute arbitrary code via a specially prepared file upload and specially prepared HTTP requests. The exploitability of this vulnerability depends on the...
Vulnerabilities fixed in IBM Storage products
IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...
Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus
Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus Specifically for versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...
Vulnerability fixed in MITRE Caldera
MITRE has fixed a vulnerability in Caldera Specifically for versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...
Vulnerabilities fixed in SonicWall SonicOS
Sonicwall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN CVE-2024-40762, allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed a vulnerability in FortiOS Specifically for versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. The vulnerability is in the way FortiOS handles UDP packets. A malicious party, if stack protection is bypassed and the fabric service is active on the exposed interface, can execute arbitra...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS. - Obtaining elevated privileges - Circumvention of security measure - Spoofing - Execution of...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Cisco Identity Services Engine ISE. The vulnerabilities are in the API of Cisco ISE, which allows an authenticated remote malicious person to execute arbitrary commands as the root user through insecure deserialization of Java byte streams. All of these...
Vulnerabilities fixed in Cisco AsyncOS Software
Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...
Vulnerabilities fixed in Apple iPadOS and iOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include problems with memory management, input validation, and Web content processing that could lead to unauthorized access, execution of arbitrary code, and denial-of-service attacks. Apple indicates that CVE-2025-24085, whi...
Vulnerability fixed in Cisco BroadWorks
Cisco has fixed a vulnerability in Cisco BroadWorks. The vulnerability is in how the Cisco BroadWorks SIP processing system handles specific SIP requests. Unauthenticated remote attackers can exploit this vulnerability to perform a denial-of-service DoS attack, which can lead to memory exhaustion...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed several vulnerabilities in Oracle PeopleSoft, specifically in versions 8.60, 8.61 and 9.2. The vulnerabilities in Oracle PeopleSoft allow authenticated malicious parties to gain unauthorized access to specific data via HTTP network access, which can lead to unauthorized data...
Vulnerabilities fixed in Schneider Electric Modicon
Schneider Electric has fixed vulnerabilities in Modicon M340, M580 and various communication modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service or gain access to system data and possibly affect the operation of the controllers. For successful abuse, the...
Vulnerabilities fixed in Juniper JunOS
Juniper has fixed vulnerabilities in JunS Specifically JunOS and JunOS Evolved. The vulnerabilities are in the way Juniper's JunOS and JunOS Evolved handle BGP packets and IPv6 packets. The first vulnerability can be exploited by unauthenticated attackers sending distorted BGP packets, which can...
Vulnerability fixed in Apache Struts
Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...
Vulnerability fixed in Schneider Electric Modicon
Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The vulnerabilities include a use-after-free vulnerability that could lead to unexpected application termination or arbitrary code execution, and logic issues that allowed applications to modify protected...
Vulnerability fixed in Adobe Premiere Pro
Adobe has fixed a vulnerability in Premiere Pro Specifically for versions 25.0, 24.6.3 and earlier. The vulnerability is in the way Premiere Pro handles files, leading to a heap-based buffer overflow. This can allow a malicious party to execute arbitrary code when a user opens a maliciously craft...
Vulnerability fixed in Trend Micro Deep Security
Trend Micro has fixed a vulnerability in Trend Micro Deep Security. The vulnerability is in the Trend Micro Deep Security 20 Agent and allows malicious actors with legitimate domain access to elevate privileges and potentially execute arbitrary code. Trend Micro has released updates to fix the...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign desktop applications Specifically for versions ID18.5.3, ID19.5 and earlier. The vulnerabilities are in the way the InDesign desktop applications handle specially crafted files. This can lead to a heap-based buffer overflow, which allows an attacker to...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Cirtix has fixed a number of vulnerabilities in NetScaler ADC and NetScaler Gateway. A malicious party could exploit the vulnerabilities to launch attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Increased user privileges Citrix has released updates to...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in Solarwinds Platform. An authenticated malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack or locally increase permissions. Solarwinds has released updates to fix the vulnerabilities in Solarwinds Platform 2024.4. See...
Vulnerability fixed in Solarwinds Web Helpdesk
Solarwinds has fixed a vulnerability in Web Helpdesk. An unauthenticated malicious person could exploit the vulnerability to execute deserialization code on the system without authentication using Java. Solarwinds developers have released a hotfix to fix the vulnerability. See attached references...
Fixed vulnerabilities in several Veeam products.
Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...
Vulnerabilities fixed in Microsoft SQL Server Power BI Report Server
Microsoft fixed vulnerabilities in SQL Server Power BI Report Server A malicious party could exploit the vulnerabilities to impersonate another user and execute arbitrary code under their context, possibly with administrator privileges. Successful exploitation requires the malicious party to have...
Vulnerabilities fixed in Draytek Vigor routers
Draytek has fixed vulnerabilities in several types of Vigor series routers. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or perform a Cross-Site-Scripting attack, potentially gaining access to sensitive data or executing arbitrary code in the context of the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS - Denial-of-Service DoS. - Manipulation of data - Circumvention of security measure - Access to...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP, Business Warehouse, NetWeaver, HANA, Business Objects and Commerce. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. - Bypassing...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data. The most serious vulnerability h...
Vulnerability fixed in Sonicwall SonicOS
Sonicwall has fixed a vulnerability in SonicOS for Gen5, Gen6 and Gen7 firewalls. The vulnerability is located in the management interface and SSLVPN and allows a malicious party to cause a Denial-of-Service and potentially access and modify system data. The NCSC is receiving signals from trusted...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary OS commands. For successful abuse, the malicious party must already have prior authentication. QNAP has...