Lucene search
K

4197 matches found

NCSC
NCSC
added 2025/04/17 7:11 a.m.7 views

Vulnerability fixed in Cisco Webex App

Cisco has fixed a vulnerability in the Cisco Webex App. The vulnerability is in the way the Cisco Webex App handles its custom URL parser. Unauthenticated remote malicious actors can exploit this vulnerability to trick users into downloading arbitrary files, which can lead to unauthorized command...

8.8CVSS7AI score0.00939EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/16 3:13 p.m.8 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...

8.7CVSS7.1AI score0.00814EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/16 3:11 p.m.25 views

Vulnerabilities fixed in Oracle MySQL

Oracle fixed multiple vulnerabilities in MySQL The vulnerabilities in Oracle MySQL allow malicious parties to launch a denial-of-service attack, gain access to sensitive data or, with sufficient authorizations, affect the operation of the MySQL server. Oracle has released updates to fix the...

9.1CVSS6.3AI score0.02772EPSS
Exploits2References1
NCSC
NCSC
added 2025/04/16 3:10 p.m.8 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.2. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated malicious actors to access the system via HTTP, which can lead to unauthorized access to and manipulation of...

9.8CVSS7.6AI score0.05582EPSS
Exploits2References1
NCSC
NCSC
added 2025/04/16 3:4 p.m.3 views

Vulnerabilities fixed in Oracle Java

Oracle has fixed vulnerabilities in Oracle Java SE and GraalVM Specifically for versions 17.0.14, 21.0.6, 21.0.6 and 24. The vulnerabilities in Oracle Java SE and GraalVM allow unauthenticated malicious actors with network access to manipulate or access critical data. This can lead to unauthorize...

9.8CVSS7.5AI score0.01344EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/16 3:2 p.m.8 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in Oracle Analytics. The vulnerabilities allow unauthenticated malicious actors to gain access to sensitive data, attack denial-of-service, and even gain complete control of systems. Specific vulnerabilities in Oracle Business Intelligence Enterprise Edition can...

10CVSS8.1AI score0.46836EPSS
Exploits7References1
NCSC
NCSC
added 2025/04/16 3:1 p.m.8 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed multiple vulnerabilities in several products, including the Utilities Application Framework, WebLogic Server, and Fusion Middleware. The vulnerabilities allow unauthenticated malicious actors to gain access to critical data, cause denial-of-service DoS, and in some cases even gai...

10CVSS7.8AI score0.41611EPSS
Exploits18References1
NCSC
NCSC
added 2025/04/16 3:0 p.m.9 views

Vulnerabilities fixed in Oracle Financial Services

Oracle fixed vulnerabilities in several Financial Services products The vulnerabilities allow unauthenticated malicious parties to access critical data via HTTP, which can lead to unauthorized data access and other security risks. Malicious parties can also exploit misconfigurations and...

9.8CVSS7.8AI score0.54862EPSS
Exploits23References1
NCSC
NCSC
added 2025/04/16 2:59 p.m.6 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Oracle Enterprise Manager The vulnerabilities allow unauthenticated attackers to compromise systems via HTTP or SSH, which can lead to denial-of-service DoS or confidential information disclosure. Specifically in Apache MINA's ObjectSerializationDecoder, there is a...

10CVSS7.7AI score0.23932EPSS
Exploits3References1
NCSC
NCSC
added 2025/04/16 2:58 p.m.9 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of the Oracle E-Business Suite, including the Enterprise Command Center Framework, CRM Technical Foundation, iSupplier Portal, iStore, User...

9.8CVSS8.1AI score0.00729EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/16 8:39 a.m.18 views

Vulnerabilities fixed in Oracle Communications

Oracle has fixed several vulnerabilities in Oracle Communications products, including Cloud Native Core and Policy Management. The vulnerabilities in Oracle Communications products allow unauthenticated attackers to gain unauthorized access to sensitive data and can lead to denial-of-service DoS...

10CVSS7.5AI score0.99945EPSS
Exploits98References1
NCSC
NCSC
added 2025/04/16 8:37 a.m.22 views

Vulnerabilities fixed in Oracle Database Products

Oracle has fixed vulnerabilities in several Oracle Database Products and subsystems, including Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase. The vulnerabilities allow unauthenticated malicious actors to cause a Denial-of-Service or gain unauthorized access to sensitive data and...

10CVSS7.4AI score0.99999EPSS
Exploits151References1
NCSC
NCSC
added 2025/04/14 11:29 a.m.10 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena. The vulnerabilities in Rockwell Automation Arena are related to local code execution caused by improper validation of user-supplied data. This allows malicious actors to reveal sensitive information and execute arbitrary code when a legitima...

8.5CVSS7.6AI score0.00298EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/10 11:53 a.m.8 views

Vulnerability fixed in Gladinet CentreStack

Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
NCSC
NCSC
added 2025/04/09 2:41 p.m.10 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specifically for versions prior to 2024 SU1 and 2022 SU7. An attacker can exploit multiple vulnerabilities in Ivanti Endpoint Manager to elevate privileges, conduct cross-site scripting attacks, execute arbitrary code, manipulate data an...

9.6CVSS7AI score0.01167EPSS
Exploits1References1
NCSC
NCSC
added 2025/04/09 8:14 a.m.7 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Specifically for versions 2020.7, 2022.5 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Stack-based Buffer Overflow, Integer Underflow, NULL Pointer Dereference and an out-of-bounds read. These vulnerabilities can lead to...

7.8CVSS6.9AI score0.00287EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/09 8:12 a.m.8 views

Vulnerabilities fixed in Adobe Animate

Adobe has fixed vulnerabilities in Animate versions 24.0.7, 23.0.10 and earlier. The vulnerabilities include a Heap-based Buffer Overflow, a Use After Free and two out-of-bounds read vulnerabilities. These vulnerabilities can lead to arbitrary code execution in the context of the user and...

7.8CVSS7.9AI score0.00393EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/09 8:9 a.m.6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Specifically for versions 25.12.1, 26.4.1 and earlier. The vulnerability is in the way Photoshop Desktop handles files. A malicious party can exploit this vulnerability by creating a malicious file that, when opened by the user, can lead to...

7.8CVSS7.5AI score0.00393EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/09 8:8 a.m.10 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...

9.1CVSS7.6AI score0.26691EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/09 8:5 a.m.7 views

Vulnerabilities fixed in Adobe After Effects

Adobe has fixed vulnerabilities in Adobe After Effects Specifically for versions 25.1, 24.6.4, and earlier. The vulnerabilities include vulnerabilities for arbitrary code execution, out-of-bounds read, and a NULL Pointer Dereference. Attackers can exploit these vulnerabilities by opening a...

7.8CVSS8AI score0.00315EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/09 6:49 a.m.9 views

Vulnerability fixed in FortiSwitch

Fortinet has fixed a vulnerability in the FortiSwitch GUI. The vulnerability with reference CVE-2024-48887, is located in the FortiSwitch GUI, which allows a remote, unauthenticated malicious person to change admin passwords via specially crafted requests. This security issue can lead to...

9.8CVSS6.8AI score0.14833EPSS
Exploits1References1
NCSC
NCSC
added 2025/04/08 6:57 p.m.7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of security measure - Execution of arbitrary code root/admin privileges - Execution o...

8.8CVSS9.2AI score0.13475EPSS
Exploits7
NCSC
NCSC
added 2025/04/08 6:56 p.m.4 views

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Dynamics. A vulnerability marked CVE-2025-29821, from incorrect input validation in Dynamics Business Central, allowed a malicious party to gain access to sensitive data. If successfully exploited, the malicious party can recover passwords in unencrypted tex...

5.5CVSS6.5AI score0.00617EPSS
Exploits0
NCSC
NCSC
added 2025/04/08 6:54 p.m.8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft fixed vulnerabilities in Visual Studio and .NET A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it...

7.5CVSS7.5AI score0.0154EPSS
Exploits0
NCSC
NCSC
added 2025/04/08 6:53 p.m.9 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...

7.8CVSS7.1AI score0.0125EPSS
Exploits0
NCSC
NCSC
added 2025/04/08 6:52 p.m.7 views

Vulnerability fixed in Microsoft System Center

Microsoft has fixed a vulnerability in System Center. The vulnerability allows a malicious person through an untrusted path within System Center, to elevate local permissions. For successful exploitation, the malicious party must have access to the device to reach the System Center Windows...

7.8CVSS6.2AI score0.00795EPSS
Exploits0
NCSC
NCSC
added 2025/04/08 6:50 p.m.5 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. The vulnerability with reference CVE-2025-29794 in Microsoft SharePoint allows a...

8.8CVSS7.1AI score0.21618EPSS
Exploits4
NCSC
NCSC
added 2025/04/08 1:57 p.m.12 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the...

10CVSS7.6AI score0.99098EPSS
Exploits25References9
NCSC
NCSC
added 2025/04/07 2:3 p.m.8 views

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...

9.8CVSS6.8AI score0.99947EPSS
Exploits22References2
NCSC
NCSC
added 2025/04/03 2:19 p.m.5 views

Vulnerability fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways

Ivanti has fixed a vulnerability in Connect Secure, Policy Secure and ZTA Gateways. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system without prior authentication. Ivanti reports having information that the vulnerability has been exploited on...

9.8CVSS7.5AI score0.99979EPSS
Exploits8References2
NCSC
NCSC
added 2025/04/03 8:4 a.m.5 views

Vulnerability fixed in Cisco Enterprise Chat and Email

Cisco has fixed a vulnerability in Cisco Enterprise Chat and Email ECE. The vulnerability is in how Cisco Enterprise Chat and Email ECE validates incorrect input in its chat functionality. This can lead to a denial-of-service DoS situation, which may require manual intervention to restore normal...

7.5CVSS6.9AI score0.00638EPSS
Exploits0References2
NCSC
NCSC
added 2025/04/01 8:42 a.m.12 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include memory management issues, unauthorized access to sensitive user data, and the ability for applications to escape their sandbox environments. These vulnerabilities could lead to unauthorized access, data...

9.8CVSS8.2AI score0.18668EPSS
Exploits15References4
NCSC
NCSC
added 2025/04/01 8:41 a.m.15 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS Specifically for Ventura 13.7.5, Sequoia 15.4 and Sonoma 14.7.5. The vulnerabilities include issues with unauthorized access to sensitive user data, logging issues, and vulnerabilities that allowed applications to obtain root privileges. These...

9.8CVSS7.5AI score0.18668EPSS
Exploits14References3
NCSC
NCSC
added 2025/03/27 2:49 p.m.7 views

Vulnerabilities fixed in GitLab EE/CE

GitLab has fixed vulnerabilities in GitLab EE/CE Specifically for versions from 13.5.0 to 17.10.1. The vulnerabilities include an input validation error that allows users to inject malicious code into CLI commands, a cross-site scripting vulnerability that allows malicious actors to execute...

8.8CVSS6.9AI score0.00352EPSS
Exploits4References1
NCSC
NCSC
added 2025/03/27 2:41 p.m.8 views

Vulnerabilities fixed in Kubernetes Ingress NGINX Controller

Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...

9.8CVSS9.7AI score0.99098EPSS
Exploits21References6
NCSC
NCSC
added 2025/03/27 9:18 a.m.49 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...

8.7CVSS6.8AI score0.13987EPSS
Exploits0References8
NCSC
NCSC
added 2025/03/26 12:45 p.m.7 views

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability by convincing a victim to open a rogue link. In this way, the sandbox security of the Chrome browser can be bypassed. Combined with a currently unknown vulnerability, this could lead to the execution of...

8.3CVSS8.5AI score0.08404EPSS
Exploits6References1
NCSC
NCSC
added 2025/03/25 8:41 a.m.6 views

Vulnerability fixed in NetApp SnapCenter

NetApp has fixed a vulnerability in SnapCenter Specifically for versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...

9.9CVSS7AI score0.00645EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/25 8:38 a.m.8 views

Vulnerability fixed in Next.js

Vercel has fixed a vulnerability in Next.js Specific to versions 14.2.25 and 15.2.3 Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...

9.1CVSS8.7AI score0.99301EPSS
Exploits58References1
NCSC
NCSC
added 2025/03/20 2:10 p.m.10 views

Vulnerability fixed in Veeam Backup & Replication

Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...

9.9CVSS7.8AI score0.18335EPSS
Exploits1References1
NCSC
NCSC
added 2025/03/20 1:17 p.m.6 views

Vulnerability fixed in IBM InfoSphere Information Server

IBM has fixed a vulnerability in IBM InfoSphere Information Server 11.7. The vulnerability is in the way permissions are managed within IBM InfoSphere Information Server. Local users can execute privileged commands due to this flaw, which can lead to unauthorized actions within the system. This c...

8.5CVSS6.7AI score0.00131EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/20 1:13 p.m.9 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in IBM AIX Specifically for versions 7.2 and 7.3. The vulnerabilities are in the NIM master service and the nimsh service's SSL/TLS protection mechanisms in IBM AIX versions 7.2 and 7.3. These vulnerabilities can be exploited by remote malicious actors to execute...

10CVSS7.6AI score0.01058EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/19 3:3 p.m.9 views

Vulnerability fixed in Synology DiskStation Manager

Synology has fixed a vulnerability in Synology DiskStation Manager DSM. The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...

7.5CVSS6.8AI score0.00237EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/19 3:2 p.m.6 views

Vulnerability fixed in Synology Replication Service and Synology Unified Controller

Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is located in an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...

10CVSS7.5AI score0.01337EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/17 6:36 p.m.9 views

Vulnerability fixed in Apache Tomcat

Apache has fixed a vulnerability in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The vulnerability is in the way the server handles HTTP PUT requests. By sending a malicious PUT request, an attacker can upload arbitrary files and...

9.8CVSS8.7AI score0.99945EPSS
Exploits47References1
NCSC
NCSC
added 2025/03/14 10:10 a.m.5 views

Vulnerabilities fixed in Autodesk AutoCAD

Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities in AutoCAD are related to the processing of several file types, including CATPRODUCT, CATPART, MODEL, SLDPRT and 3DM. These vulnerabilities can lead to application crashes, exposure of sensitive information and execution of...

7.8CVSS7.1AI score0.00275EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/14 9:14 a.m.9 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

9.8CVSS9.8AI score0.63792EPSS
Exploits6References1
NCSC
NCSC
added 2025/03/12 1:48 p.m.3 views

Vulnerability fixed in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari

Apple has fixed a vulnerability in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari. The vulnerability with reference CVE-2025-24201 lies in the way Apple manages its operating systems. This includes an out-of-bounds write problem that can allow unauthorized actions. Apple has released updat...

8.8CVSS8.5AI score0.0424EPSS
Exploits4References4
NCSC
NCSC
added 2025/03/12 11:0 a.m.6 views

Vulnerability fixed in Ivanti Secure Access Client

Ivanti has fixed a vulnerability in Ivanti Secure Access Client. The vulnerability is located in insufficiently restrictive access privileges of the Ivanti Secure Access Client, allowing local, authenticated attackers to escalate their privileges. This could lead to unauthorized access and contro...

8.5CVSS7AI score0.00287EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/12 10:56 a.m.6 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Adobe Acrobat Reader. The vulnerabilities allow an attacker to execute arbitrary code on affected systems.The vulnerabilities include an out-of-bounds read and a Use After Free, both of which require the user to interact by opening a malicious file. This can lea...

7.8CVSS7.8AI score0.00437EPSS
Exploits0References1
Total number of security vulnerabilities4197