4197 matches found
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...
Vulnerabilities fixed in HPE StoreOnce Software
HPE has fixed vulnerabilities in HPE StoreOnce Software. The vulnerabilities include command injection and remote code execution, which can lead to unauthorized access and control of affected systems. In addition, there are vulnerabilities for authentication bypass, directory traversal and...
Vulnerability fixed in Cisco Identity Services Engine for cloud platforms
Cisco has fixed a vulnerability in Identity Services Engine ISE for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...
Vulnerability fixed in IBM Tivoli Monitoring
IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious person to execute arbitrary code on affected systems. IBM has releas...
Vulnerability fixed in Siemens SiPass Integrated
Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service DoS, compromising the availability of services that depend on the...
Vulnerabilities fixed in Infoblox NETMRI
Infoblox has fixed vulnerabilities in NETMRI Specific for versions prior to 7.6.1. The vulnerabilities include a critical vulnerability that allows remote authenticated users to access arbitrary files with root privileges, an unauthenticated remote command injection vulnerability that allows...
Vulnerabilities fixed in ABB ASPECT product line
ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in both the Community and Enterprise Editions of GitLab. The vulnerabilities include falsely displaying full e-mail addresses to unauthorized users, insufficient input validation that can lead to Denial-of-Service, and the ability for attackers to expose masked CI...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery SSRF, or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...
Vulnerabilities fixed in Cisco Unified Intelligence Center
Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine ISE. The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service DoS situation on affected devices, compromising their...
Vulnerabilities fixed in Cisco Webex
Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting XSS attacks by convincing users to click on malicious links. Such an attack can lead to...
Vulnerabilities fixed in VMware products
Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion and vCenter Server. The vulnerabilities include a command-execution vulnerability in vCenter Server that allows authenticated attackers to execute arbitrary code on the server. There is also a denial-of-service...
Vulnerabilities fixed in VMware Cloud Foundation
Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a madafilde lin...
Vulnerabilities fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron)
Ivanti has fixed vulnerabilities in the Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron. Only the On-prem versions of the EPMM are vulnerable. The vulnerabilities involve an authentication bypass and remote code execution that can be jointly abused to remotely execute code on Ivanti...
Vulnerability fixed in FortiVoice
Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiManager, FortiManager Cloud, FortiAnalyzer, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiSwitchManager and FortiWeb. The vulnerabilities include an OS Command Injection that allows local attackers to execute unauthorized code by manipulating CLI command...
Vulnerability fixed in Adobe Illustrator
Adobe has fixed a vulnerability in Illustrator Specifically for versions 29.3, 28.7.5 and earlier. The vulnerability is in the way Illustrator handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by a user, can lead to arbitrary code...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Adobe Photoshop Versions 26.5, 25.12.2 and earlier. The vulnerabilities are in how Adobe Photoshop handles specially crafted files. When a user opens a malicious file, it can lead to the execution of unauthorized code execution on the system. Adobe has released...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate versions 24.0.8, 23.0.11 and earlier. The vulnerabilities include a critical vulnerability that allows arbitrary code execution via an out-of-bounds write, a NULL Pointer Dereference that can lead to application crashes, and several integer-related...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Versions 2025.1, 2023.13, 2021.19 and earlier. The vulnerabilities are in the way ColdFusion handles input validation and authorization. Highly privileged attackers can execute arbitrary code without user interaction, which can lead to unauthorized...
Vulnerability fixed in Ivanti Neurons for ITSM
Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM Versions for 2023.4, 2024.2, and 2024.3 The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...
Vulnerabilities fixed in Microsoft Edge
Microsoft has fixed vulnerabilities in Edge Chromium Based. A malicious person could exploit the vulnerabilities to impersonate the victim and gain access to sensitive data or execute arbitrary code in the victim's context. This update also incorporates the Chrome/Chromium vulnerabilities marked...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender for Endpoint and Defender for Identity. A malicious party could exploit the vulnerabilities to impersonate another user and assign themselves elevated privileges, enabling execution of arbitrary code with SYSTEM privileges. For successful...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, assign themselves elevated privileges and gain access to sensitive data. Microsoft has since released updates to fix the vulnerabilities marked...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerabilities fixed in Microsoft Dynamics Dataverse
Microsoft has fixed vulnerabilities in Dynamics Dataverse. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code with application privileges. For the vulnerability with reference CVE-2025-47732, Microsoft has released updates in th...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Specifically for Ventura 13.7.6, Sequoia 15.5 and Sonoma 14.7.6. The vulnerabilities include several issues, such as memory damage from processing maliciously created Web content, unauthorized access to sensitive user data, and unexpected system...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include a range of problems, such as memory corruption, unauthorized access to sensitive data, and denial-of-service attacks. These vulnerabilities can be exploited by malicious actors through various vectors, including...
Vulnerabilities fixed in SAP products
SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...
Vulnerabilities fixed in ASUS DriverHub
ASUS fixed vulnerabilities in ASUS DriverHub The vulnerabilities are in the way ASUS DriverHub processes HTTP requests. DriverHub is a tool from ASUS which runs in the background and ensures that system drivers are kept up to date. Untrusted sources can use specially crafted HTTP requests to...
Vulnerabilities fixed in F5 BIG-IP
F5 has fixed vulnerabilities in its BIG-IP systems. The vulnerabilities are in several configurations of the BIG-IP systems, including the Traffic Management Microkernel TMM that can be terminated by unpublished requests. This can lead to performance and stability issues, especially for software...
Vulnerabilities fixed in Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS XE Software. The vulnerabilities in Cisco IOS XE Software include several issues, including insufficient input validation and improper memory management. These vulnerabilities can be exploited by unauthenticated attackers to cause denial-of-service DoS...
Vulnerabilities fixed in SonicWall SMA100
SonicWall has fixed vulnerabilities in the SMA100 series. The vulnerabilities are in the way the SMA100 series handles authenticated SSLVPN users. CVE-2025-32819 allows these users to bypass path-traversal controls and delete arbitrary files, which can lead to a reset of the device to factory...
Vulnerabilities fixed in SysAid On-Prem
SysAid has fixed vulnerabilities in SysAid On-Prem Versions up to 23.3.40 The vulnerability is in the unauthenticated XML External Entity XXE present in SysAid On-Prem versions up to 23.3.40. This vulnerability allows attackers to exploit the system without authentication. This can lead to...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. The vulnerabilities are in the Keymaster trustlet, SmartManagerCN and FreeType, among others. The vulnerabilities allow a local attacker to run code on the device and execute code with SmartManagerCN privileges. Google reports receiving information tha...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 138 and 128.10. The vulnerabilities include privilege escalation through code injection, insecure processing of WebGL shader attributes, improper isolation of processes, and local code execution through...
Vulnerabilities fixed in Keycloak
Red Hat has fixed vulnerabilities in Keycloak. The vulnerabilities include an issue where JWT tokens with long expiration times can cause infinite growth in the cache, resulting in an OutOfMemoryError and a Denial-of-Service for legitimate users. In addition, verification of trust store...
Vulnerability fixed in Commvault Command Center
Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted http request to the vulnerable application containing a reference to a rogue zip file. The...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...
Vulnerabilities fixed in Apple AirPlay as used by macOS, iOS and iPadOS
Apple has fixed vulnerabilities in AirPlay, as used in various Apple products including macOS, iOS and iPadOS. The vulnerabilities are exploited to cause a denial-of-service, bypass authentication and execute arbitrary code. To do this, the malicious party needs to send malicious content to a...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSLVPN Virtual Office interface functions. An unauthenticated malicious person could exploit this vulnerability, which could result in a firewall crash. This could result in a Denial-of-Service DoS situation,...
Vulnerability fixed in Erlang/OTP SSH server
Erlang/OTP developers have fixed a vulnerability in Erlang OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in context of the SSH deamon by sending prepared...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. A malicious party could exploit the vulnerabilities to execute arbitrary code with user privileges, potentially gaining access to sensitive data. Apple reports having information that the vulnerabilities have been limited and highly target...
Vulnerabilities fixed in Siemens TeleControl Server
Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...