4197 matches found
Vulnerability fixed in Cisco Webex App
Cisco has fixed a vulnerability in the Cisco Webex App. The vulnerability is in the way the Cisco Webex App handles its custom URL parser. Unauthenticated remote malicious actors can exploit this vulnerability to trick users into downloading arbitrary files, which can lead to unauthorized command...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...
Vulnerabilities fixed in Oracle MySQL
Oracle fixed multiple vulnerabilities in MySQL The vulnerabilities in Oracle MySQL allow malicious parties to launch a denial-of-service attack, gain access to sensitive data or, with sufficient authorizations, affect the operation of the MySQL server. Oracle has released updates to fix the...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and GraalVM Specifically for versions 17.0.14, 21.0.6, 21.0.6 and 24. The vulnerabilities in Oracle Java SE and GraalVM allow unauthenticated malicious actors with network access to manipulate or access critical data. This can lead to unauthorize...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Analytics. The vulnerabilities allow unauthenticated malicious actors to gain access to sensitive data, attack denial-of-service, and even gain complete control of systems. Specific vulnerabilities in Oracle Business Intelligence Enterprise Edition can...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service DoS, and in some cases even gai...
Vulnerabilities fixed in Oracle Financial Services
Oracle fixed vulnerabilities in several Financial Services products The vulnerabilities allow unauthenticated malicious parties to access critical data via HTTP, which can lead to unauthorized data access and other security risks. Malicious parties can also exploit misconfigurations and...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle fixed vulnerabilities in Oracle Enterprise Manager The vulnerabilities allow unauthenticated attackers to compromise systems via HTTP or SSH, which can lead to denial-of-service DoS or confidential information disclosure. Specifically in Apache MINA's ObjectSerializationDecoder, there is a...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of the Oracle E-Business Suite, including the Enterprise Command Center Framework, CRM Technical Foundation, iSupplier Portal, iStore, User...
Vulnerabilities fixed in Oracle Communications
Oracle has fixed several vulnerabilities in Oracle Communications products, including Cloud Native Core and Policy Management. The vulnerabilities in Oracle Communications products allow unauthenticated attackers to gain unauthorized access to sensitive data and can lead to denial-of-service DoS...
Vulnerabilities fixed in Oracle Database Products
Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena. The vulnerabilities in Rockwell Automation Arena are related to local code execution caused by improper validation of user-supplied data. This allows malicious actors to reveal sensitive information and execute arbitrary code when a legitima...
Vulnerability fixed in Gladinet CentreStack
Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specifically for versions prior to 2024 SU1 and 2022 SU7. An attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager to elevate privileges, conduct cross-site scripting attacks, execute arbitrary code, manipulate data an...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Stack-based Buffer Overflow, Integer Underflow, NULL Pointer Dereference and an out-of-bounds read. These vulnerabilities can lead to...
Vulnerabilities fixed in Adobe Animate
Adobe has fixed vulnerabilities in Animate versions 24.0.7, 23.0.10 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, a Use After Free and two out-of-bounds read vulnerabilities. These vulnerabilities can lead to arbitrary code execution in the context of the user and...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Specifically for versions 25.12.1, 26.4.1 and earlier. The vulnerability is in the way Photoshop Desktop handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by the user, can lead to...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in Adobe After Effects Specifically for versions 25.1, 24.6.4, and earlier. The vulnerabilities include vulnerabilities for arbitrary code execution, out-of-bounds read, and a NULL Pointer Dereference. Attackers can exploit these vulnerabilities by opening a...
Vulnerability fixed in FortiSwitch
Fortinet has fixed a vulnerability in the FortiSwitch GUI. The vulnerability with reference CVE-2024-48887, is located in the FortiSwitch GUI, which allows a remote, unauthenticated malicious person to change admin passwords via specially crafted requests. This security issue can lead to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics. A vulnerability marked CVE-2025-29821, from incorrect input validation in Dynamics Business Central, allowed a malicious party to gain access to sensitive data. If successfully exploited, the malicious party can recover passwords in unencrypted tex...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...
Vulnerability fixed in Microsoft System Center
Microsoft has fixed a vulnerability in System Center. The vulnerability allows a malicious person through an untrusted path within System Center, to elevate local permissions. For successful exploitation, the malicious party must have access to the device to reach the System Center Windows...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. The vulnerability with reference CVE-2025-29794 in Microsoft SharePoint allows a...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...
Vulnerability fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways
Ivanti has fixed a vulnerability in Connect Secure, Policy Secure and ZTA Gateways. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system without prior authentication. Ivanti reports having information that the vulnerability has been exploited on...
Vulnerability fixed in Cisco Enterprise Chat and Email
Cisco has fixed a vulnerability in Cisco Enterprise Chat and Email ECE. The vulnerability is in how Cisco Enterprise Chat and Email ECE validates incorrect input in its chat functionality. This can lead to a denial-of-service DoS situation, which may require manual intervention to restore normal...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include memory management issues, unauthorized access to sensitive user data, and the ability for applications to escape their sandbox environments. These vulnerabilities could lead to unauthorized access, data...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS Specifically for Ventura 13.7.5, Sequoia 15.4 and Sonoma 14.7.5. The vulnerabilities include issues with unauthorized access to sensitive user data, logging issues, and vulnerabilities that allowed applications to obtain root privileges. These...
Vulnerabilities fixed in GitLab EE/CE
GitLab has fixed vulnerabilities in GitLab EE/CE Specifically for versions from 13.5.0 to 17.10.1. The vulnerabilities include an input validation error that allows users to inject malicious code into CLI commands, a cross-site scripting vulnerability that allows malicious actors to execute...
Vulnerabilities fixed in Kubernetes Ingress NGINX Controller
Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability by convincing a victim to open a rogue link. In this way, the sandbox security of the Chrome browser can be bypassed. Combined with a currently unknown vulnerability, this could lead to the execution of...
Vulnerability fixed in NetApp SnapCenter
NetApp has fixed a vulnerability in SnapCenter Specifically for versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...
Vulnerability fixed in Next.js
Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...
Vulnerability fixed in Veeam Backup & Replication
Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...
Vulnerability fixed in IBM InfoSphere Information Server
IBM has fixed a vulnerability in IBM InfoSphere Information Server 11.7. The vulnerability is in the way permissions are managed within IBM InfoSphere Information Server. Local users can execute privileged commands due to this flaw, which can lead to unauthorized actions within the system. This c...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX Specifically for versions 7.2 and 7.3. The vulnerabilities are in the NIM master service and the nimsh service's SSL/TLS protection mechanisms in IBM AIX versions 7.2 and 7.3. These vulnerabilities can be exploited by remote malicious actors to execute...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in Synology DiskStation Manager DSM. The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...
Vulnerability fixed in Synology Replication Service and Synology Unified Controller
Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is located in an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...
Vulnerability fixed in Apache Tomcat
Apache has fixed a vulnerability in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The vulnerability is in the way the server handles HTTP PUT requests. By sending a malicious PUT request, an attacker can upload arbitrary files and...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities in AutoCAD are related to the processing of several file types, including CATPRODUCT, CATPART, MODEL, SLDPRT and 3DM. These vulnerabilities can lead to application crashes, exposure of sensitive information and execution of...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...
Vulnerability fixed in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari
Apple has fixed a vulnerability in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari. The vulnerability with reference CVE-2025-24201 lies in the way Apple manages its operating systems. This includes an out-of-bounds write problem that can allow unauthorized actions. Apple has released updat...
Vulnerability fixed in Ivanti Secure Access Client
Ivanti has fixed a vulnerability in Ivanti Secure Access Client. The vulnerability is located in insufficiently restrictive access privileges of the Ivanti Secure Access Client, allowing local, authenticated attackers to escalate their privileges. This could lead to unauthorized access and contro...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Adobe Acrobat Reader. The vulnerabilities allow an attacker to execute arbitrary code on affected systems.The vulnerabilities include an out-of-bounds read and a Use After Free, both of which require the user to interact by opening a malicious file. This can lea...