Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion, specifically versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...
Vulnerabilities fixed in Adobe After Effects
Adobe has fixed vulnerabilities in Adobe After Effects, specifically versions 25.1, 24.6.4 and earlier. The vulnerabilities include arbitrary code execution, an out-of-bounds read and a NULL pointer dereference. Attackers can exploit these vulnerabilities by opening a...
Vulnerability fixed in FortiSwitch
Fortinet has fixed a vulnerability in the FortiSwitch GUI. The vulnerability, with reference CVE-2024-48887, is located in the FortiSwitch GUI and allows a remote, unauthenticated malicious person to change admin passwords via specially crafted requests. This security issue can lead to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of security measure - Execution of arbitrary code (root/admin privileges) - Execution o...
Vulnerability fixed in Microsoft Dynamics
Microsoft has fixed a vulnerability in Dynamics. The vulnerability, marked CVE-2025-29821, stems from incorrect input validation in Dynamics Business Central and allowed a malicious party to gain access to sensitive data. If successfully exploited, the malicious party can recover passwords in unencrypted tex...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to cause a denial-of-service, grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...
Vulnerability fixed in Microsoft System Center
Microsoft has fixed a vulnerability in System Center. The vulnerability allows a malicious person, through an untrusted path within System Center, to elevate local permissions. For successful exploitation, the malicious party must have access to the device to reach the System Center Windows...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. The vulnerability with reference CVE-2025-29794 in Microsoft SharePoint allows a...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS, Insights Hub Private Cloud, Siemens License Server and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. The vulnerability allows a malicious party to gain unauthenticated remote access via HTTP requests, which can lead to unauthorized access. Systems using CrushFTP's DMZ Proxy instance are not vulnerable...
Vulnerability fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways
Ivanti has fixed a vulnerability in Connect Secure, Policy Secure and ZTA Gateways. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable system without prior authentication. Ivanti reports having information that the vulnerability has been exploited on...
Vulnerability fixed in Cisco Enterprise Chat and Email
Cisco has fixed a vulnerability in Cisco Enterprise Chat and Email (ECE). The vulnerability is in how Cisco Enterprise Chat and Email (ECE) validates input in its chat functionality. This can lead to a denial-of-service (DoS) situation, which may require manual intervention to restore normal...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include memory management issues, unauthorized access to sensitive user data, and the ability for applications to escape their sandbox environments. These vulnerabilities could lead to unauthorized access, data...
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS, specifically Ventura 13.7.5, Sequoia 15.4 and Sonoma 14.7.5. The vulnerabilities include issues with unauthorized access to sensitive user data, logging issues, and vulnerabilities that allowed applications to obtain root privileges. These...
Vulnerabilities fixed in GitLab EE/CE
GitLab has fixed vulnerabilities in GitLab EE/CE, specifically versions 13.5.0 to 17.10.1. The vulnerabilities include an input validation error that allows users to inject malicious code into CLI commands, a cross-site scripting vulnerability that allows malicious actors to execute...
Vulnerabilities fixed in Kubernetes Ingress NGINX Controller
Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution (RCE). The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party can exploit the vulnerability by convincing a victim to open a rogue link. In this way, the sandbox security of the Chrome browser can be bypassed. Combined with a currently unknown vulnerability, this could lead to the execution of...
Vulnerability fixed in NetApp SnapCenter
NetApp has fixed a vulnerability in SnapCenter, specifically versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...
Vulnerability fixed in Next.js
Vercel has fixed a vulnerability in Next.js, specifically versions 14.2.25 and 15.2.3. Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...
Vulnerability fixed in Veeam Backup & Replication
Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is deployed. Veeam has released critical...
Vulnerability fixed in IBM InfoSphere Information Server
IBM has fixed a vulnerability in IBM InfoSphere Information Server 11.7. The vulnerability is in the way permissions are managed within IBM InfoSphere Information Server. Local users can execute privileged commands due to this flaw, which can lead to unauthorized actions within the system. This c...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX, specifically versions 7.2 and 7.3. The vulnerabilities are in the NIM master service and the nimsh service's SSL/TLS protection mechanisms in IBM AIX versions 7.2 and 7.3. These vulnerabilities can be exploited by remote malicious actors to execute...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in Synology DiskStation Manager (DSM). The vulnerability is located in the LDAP functionality of Synology DiskStation Manager. This vulnerability can be exploited by man-in-the-middle attackers, allowing unauthorized interception of administrator authentication...
Vulnerability fixed in Synology Replication Service and Synology Unified Controller
Synology has fixed a vulnerability in Synology Replication Service and Synology Unified Controller. The vulnerability is an off-by-one flaw in the Synology Replication Service and Synology Unified Controller, which allows remote attackers to execute arbitrary code. This can lead to...
Vulnerability fixed in Apache Tomcat
Apache has fixed a vulnerability in Apache Tomcat, specifically versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The vulnerability is in the way the server handles HTTP PUT requests. By sending a malicious PUT request, an attacker can upload arbitrary files and...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities in AutoCAD are related to the processing of several file types, including CATPRODUCT, CATPART, MODEL, SLDPRT and 3DM. These vulnerabilities can lead to application crashes, exposure of sensitive information and execution of...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...
Vulnerability fixed in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari
Apple has fixed a vulnerability in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari. The vulnerability with reference CVE-2025-24201 lies in the way Apple manages its operating systems. This includes an out-of-bounds write problem that can allow unauthorized actions. Apple has released updat...
Vulnerability fixed in Ivanti Secure Access Client
Ivanti has fixed a vulnerability in Ivanti Secure Access Client. The vulnerability is located in insufficiently restrictive access privileges of the Ivanti Secure Access Client, allowing local, authenticated attackers to escalate their privileges. This could lead to unauthorized access and contro...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Adobe Acrobat Reader. The vulnerabilities allow an attacker to execute arbitrary code on affected systems. The vulnerabilities include an out-of-bounds read and a use-after-free, both of which require the user to interact by opening a malicious file. This can lea...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. The vulnerability with reference CVE-2024-45328 involves improper authorization that allows low-privileged administrators to execute elevated CLI commands through the GUI console. In addition, there is an SQL injection vulnerability with attribu...
Vulnerabilities fixed in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb
Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or execute arbitrary code with the privileges of the vulnerable application. Azure PromptFlow:...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to execute arbitrary code in the victim's context, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openin...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft fixed vulnerabilities in Visual Studio and .NET. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and/or execute arbitrary code with developer privileges. Because developers tend to work under elevated privileges, it cannot be ruled out that...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of security measure - Execution of arbitrary code (root/admin privileges) - Execution o...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SCALANCE, SIMATIC, SINAMICS, SINEMA, SiPass, Teamcenter and Tecnomatix. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) -...
Vulnerabilities fixed in SAP software
SAP has fixed several vulnerabilities in its software components, including SAP Commerce, SAP NetWeaver, and SAP BusinessObjects. The vulnerabilities include Cross-Site Scripting (XSS) and missing authorization controls, which allow attackers to gain unauthorized access, manipulate data, and reveal...
Vulnerability fixed in Elastic Kibana
Elastic has fixed a vulnerability in Kibana. The vulnerability with reference CVE-2025-25015 allows an authenticated remote malicious person to execute arbitrary code via a specially prepared file upload and specially prepared HTTP requests. The exploitability of this vulnerability depends on the...
Vulnerabilities fixed in IBM Storage products
IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...
Vulnerabilities fixed in VMware products
Broadcom has fixed vulnerabilities in VMware ESXi, Workstation and Fusion. The vulnerabilities include a TOCTOU vulnerability that allows a malicious person with local administrative privileges to execute code as the VMX process on the host via an out-of-bounds write. In addition, there ...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...
Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus
Zohocorp has fixed a vulnerability in ManageEngine ADSelfService Plus, specifically versions 6510 and earlier. The vulnerability is in the way sessions are managed in ManageEngine ADSelfService Plus. This issue allows valid account holders to abuse the system, which can lead to possible accoun...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions 17.7.6, 17.8.4 and 17.9.1. The vulnerability allows HTML injection in searches of child items. This vulnerability can be exploited by malicious parties to perform cross-site scripting (XSS) attacks. The potential for...
Vulnerability fixed in MITRE Caldera
MITRE has fixed a vulnerability in Caldera, specifically versions 4.2.0 and 5.0.0. The vulnerability is in how the Caldera server processes Web requests. Malicious attackers can send specially crafted Web requests to the Caldera server API, allowing them to execute arbitrary code on the server...
Vulnerabilities fixed in Mattermost
Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...
Vulnerability fixed in Exim
Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...
Vulnerability fixed in XWiki
XWiki has fixed a vulnerability in the system. The vulnerability is in the way XWiki handles the SolrSearch request. This allows a guest to execute arbitrary external code, compromising the confidentiality, integrity and availability of the system. The documentation provides specific steps for...