Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager and FortiWeb. The vulnerabilities include an OS Command Injection that allows local attackers to execute unauthorized code by manipulating CLI command...
Vulnerability fixed in Adobe Illustrator
Adobe has fixed a vulnerability in Illustrator, specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Adobe Photoshop versions 26.5, 25.12.2 and earlier. The vulnerabilities are in how Adobe Photoshop handles specially crafted files. When a user opens a malicious file, it can lead to the execution of unauthorized code on the system. Adobe has released...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate versions 24.0.8, 23.0.11 and earlier. The vulnerabilities include a critical vulnerability that allows arbitrary code execution via an out-of-bounds write, a NULL Pointer Dereference that can lead to application crashes, and several integer-related...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. The vulnerabilities are in the way ColdFusion handles input validation and authorization. Highly privileged attackers can execute arbitrary code without user interaction, which can lead to unauthorized...
Vulnerability fixed in Ivanti Neurons for ITSM
Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM versions 2023.4, 2024.2, and 2024.3. The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of a security measure - Execution of arbitrary code (root/admin privileges) - Execution...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge (Chromium-based). A malicious person could exploit the vulnerabilities to impersonate the victim and gain access to sensitive data or execute arbitrary code in the victim's context. This update also incorporates the Chrome/Chromium vulnerabilities marked...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender for Endpoint and Defender for Identity. A malicious party could exploit the vulnerabilities to impersonate another user and assign themselves elevated privileges, enabling execution of arbitrary code with SYSTEM privileges. For successful...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerabilities fixed in Microsoft Dynamics Dataverse
Microsoft has fixed vulnerabilities in Dynamics Dataverse. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. For the vulnerability with reference CVE-2025-47732, Microsoft has released updates in th...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code (user privileges) - Access to sensitive dat...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, specifically for Ventura 13.7.6, Sequoia 15.5 and Sonoma 14.7.6. The vulnerabilities include several issues, such as memory damage from processing maliciously created Web content, unauthorized access to sensitive user data, and unexpected system...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include a range of problems, such as memory corruption, unauthorized access to sensitive data, and denial-of-service attacks. These vulnerabilities can be exploited by malicious actors through various vectors, including...
Vulnerabilities fixed in SAP products
SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...
Vulnerabilities fixed in ASUS DriverHub
ASUS has fixed vulnerabilities in ASUS DriverHub. The vulnerabilities are in the way ASUS DriverHub processes HTTP requests. DriverHub is a tool from ASUS which runs in the background and ensures that system drivers are kept up to date. Untrusted sources can use specially crafted HTTP requests to...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in its BIG-IP systems. The vulnerabilities are in several configurations of the BIG-IP systems, including the Traffic Management Microkernel (TMM) that can be terminated by unpublished requests. This can lead to performance and stability issues, especially for software...
Vulnerabilities fixed in Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS XE Software. The vulnerabilities in Cisco IOS XE Software include several issues, including insufficient input validation and improper memory management. These vulnerabilities can be exploited by unauthenticated attackers to cause denial-of-service (DoS)...
Vulnerabilities fixed in SonicWall SMA100
SonicWall has fixed vulnerabilities in the SMA100 series. The vulnerabilities are in the way the SMA100 series handles authenticated SSLVPN users. CVE-2025-32819 allows these users to bypass path-traversal controls and delete arbitrary files, which can lead to a reset of the device to factory...
Vulnerabilities fixed in SysAid On-Prem
SysAid has fixed vulnerabilities in SysAid On-Prem versions up to 23.3.40. The vulnerability is an unauthenticated XML External Entity (XXE) issue present in SysAid On-Prem versions up to 23.3.40. This vulnerability allows attackers to exploit the system without authentication. This can lead to...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird, specifically for versions under 138 and 128.10. The vulnerabilities include privilege escalation through code injection, insecure processing of WebGL shader attributes, improper isolation of processes, and local code execution through...
Vulnerabilities fixed in Keycloak
Red Hat has fixed vulnerabilities in Keycloak. The vulnerabilities include an issue where JWT tokens with long expiration times can cause infinite growth in the cache, resulting in an OutOfMemoryError and a Denial-of-Service for legitimate users. In addition, verification of trust store...
Vulnerability fixed in Commvault Command Center
Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted HTTP request to the vulnerable application containing a reference to a rogue zip file. The...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...
Vulnerabilities fixed in Apple AirPlay as used by macOS, iOS and iPadOS
Apple has fixed vulnerabilities in AirPlay, as used in various Apple products including macOS, iOS and iPadOS. The vulnerabilities are exploited to cause a denial-of-service, bypass authentication and execute arbitrary code. To do this, the malicious party needs to send malicious content to a...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSLVPN Virtual Office interface functions. An unauthenticated malicious person could exploit this vulnerability, which could result in a firewall crash. This could result in a Denial-of-Service (DoS) situation,...
Vulnerability fixed in Erlang/OTP SSH server
Erlang/OTP developers have fixed a vulnerability in Erlang/OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in the context of the SSH daemon by sending prepared...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. A malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges, potentially gaining access to sensitive data. Apple reports having information that the vulnerabilities have been limited and highly target...
Vulnerabilities fixed in Siemens TeleControl Server
Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...
Vulnerability fixed in Cisco Webex App
Cisco has fixed a vulnerability in the Cisco Webex App. The vulnerability is in the way the Cisco Webex App handles its custom URL parser. Unauthenticated remote malicious actors can exploit this vulnerability to trick users into downloading arbitrary files, which can lead to unauthorized command...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed multiple vulnerabilities in MySQL. The vulnerabilities in Oracle MySQL allow malicious parties to launch a denial-of-service attack, gain access to sensitive data or, with sufficient authorizations, affect the operation of the MySQL server. Oracle has released updates to fix the...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools, specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and GraalVM, specifically for versions 17.0.14, 21.0.6, 21.0.6 and 24. The vulnerabilities in Oracle Java SE and GraalVM allow unauthenticated malicious actors with network access to manipulate or access critical data. This can lead to unauthorize...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Analytics. The vulnerabilities allow unauthenticated malicious actors to gain access to sensitive data, cause a denial-of-service, and even gain complete control of systems. Specific vulnerabilities in Oracle Business Intelligence Enterprise Edition can...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service (DoS), and in some cases even gai...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in several Financial Services products. The vulnerabilities allow unauthenticated malicious parties to access critical data via HTTP, which can lead to unauthorized data access and other security risks. Malicious parties can also exploit misconfigurations and...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Oracle Enterprise Manager. The vulnerabilities allow unauthenticated attackers to compromise systems via HTTP or SSH, which can lead to denial-of-service (DoS) or confidential information disclosure. Specifically in Apache MINA's ObjectSerializationDecoder, there is a...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite, specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of the Oracle E-Business Suite, including the Enterprise Command Center Framework, CRM Technical Foundation, iSupplier Portal, iStore, User...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in Oracle Communications products, including Cloud Native Core and Policy Management. The vulnerabilities in Oracle Communications products allow unauthenticated attackers to gain unauthorized access to sensitive data and can lead to denial-of-service (DoS)...
Vulnerabilities fixed in Oracle Database Products
Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena. The vulnerabilities in Rockwell Automation Arena are related to local code execution caused by improper validation of user-supplied data. This allows malicious actors to reveal sensitive information and execute arbitrary code when a legitima...
Vulnerability fixed in Gladinet CentreStack
Gladinet has fixed a vulnerability in CentreStack versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager, specifically for versions prior to 2024 SU1 and 2022 SU7. An attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager to elevate privileges, conduct cross-site scripting attacks, execute arbitrary code, manipulate data an...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker, specifically for versions 2020.7, 2022.5 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Stack-based Buffer Overflow, Integer Underflow, NULL Pointer Dereference and an out-of-bounds read. These vulnerabilities can lead to...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate versions 24.0.7, 23.0.10 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, a Use After Free and two out-of-bounds read vulnerabilities. These vulnerabilities can lead to arbitrary code execution in the context of the user and...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop, specifically for versions 25.12.1, 26.4.1 and earlier. The vulnerability is in the way Photoshop Desktop handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by the user, can lead to...