4179 matches found

NCSC
added 2026/05/15 9:27 a.m., 66 views

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

CVSS 8.7 | AI score 5.8 | EPSS 0.00355
Exploits: 1 | References: 1

NCSC
added 2026/05/15 8:43 a.m., 18 views

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

CVSS 8.8 | AI score 6.3 | EPSS 0.00865
Exploits: 0 | References: 1

NCSC
added 2026/05/15 8:41 a.m., 21 views

Lack of vulnerability awareness in Microsoft Exchange Server

Microsoft has identified a vulnerability in Microsoft Exchange Server. This vulnerability involves a cross-site scripting XSS issue that arises due to improper handling of user input during the generation of web pages. An unauthorized attacker can inject malicious scripts and perform spoofing...

CVSS 8.1 | AI score 5.9 | EPSS 0.02509
Exploits: 1 | References: 1

NCSC
added 2026/05/15 8:19 a.m., 16 views

Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

CVSS 10 | AI score 6 | EPSS 0.76286
Exploits: 4 | References: 2

NCSC
added 2026/05/15 6:49 a.m., 44 views

The vulnerability was exploited in AMD processors

AMD has addressed a vulnerability in certain processor models through a mitigation measure included in the Windows update of May 2026. This vulnerability affects certain AMD processors. A local malicious actor could exploit this vulnerability to execute arbitrary code on the system. The mitigatio...

CVSS 7.3 | AI score 6.2 | EPSS 0.00286
Exploits: 0 | References: 6

NCSC
added 2026/05/13 11:39 a.m., 10 views

Vulnerability concealment in Fortinet FortiAuthenticator

Fortinet has identified a vulnerability in FortiAuthenticator. This vulnerability relates to incorrect access control in FortiAuthenticator, allowing attackers to execute unauthorized code or commands. This occurs due to insufficient restrictions in the access control mechanism within the softwar...

CVSS 9.8 | AI score 6.3 | EPSS 0.00551
Exploits: 0 | References: 1

NCSC
added 2026/05/13 11:39 a.m., 8 views

Vulnerability handling in Fortinet FortiSandbox

Fortinet has identified a vulnerability in FortiSandbox and FortiSandbox PaaS versions. The vulnerability involves an absence of authorization checks, allowing unauthorized attackers to execute unauthorized code or commands through specially crafted HTTP requests. This issue arises due to...

CVSS 9.8 | AI score 6.4 | EPSS 0.00643
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:33 a.m., 8 views

Vulnerabilities handled in Adobe Premiere Pro

Adobe has identified vulnerabilities in Adobe Premiere Pro versions 26.0.2, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe Premiere Pro processes specially crafted files. One vulnerability involves an out-of-bounds write operation, which can lead to memory corruption...

CVSS 7.8 | AI score 6.1 | EPSS 0.00177
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:31 a.m., 30 views

Vulnerabilities handled in Adobe After Effects

Adobe has identified several vulnerabilities in Adobe After Effects, particularly in versions 26.0, 25.6.4, and earlier versions. These vulnerabilities reside in the way Adobe After Effects processes certain files. There are issues with stack-based buffer overflows, heap-based buffer overflows,...

CVSS 7.8 | AI score 6.4 | EPSS 0.00299
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:27 a.m., 11 views

Vulnerabilities in Adobe Commerce

Adobe has identified several vulnerabilities in Adobe Commerce. These vulnerabilities exist in various versions of Adobe Commerce, including 2.4.9-beta1 and earlier versions. One vulnerability, an Incorrect Authorization vulnerability, allows attackers to bypass authorization checks and obtain...

CVSS 7.5 | AI score 5.8 | EPSS 0.2255
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:23 a.m., 9 views

Vulnerabilities that can be addressed in Adobe Connect

Adobe has identified vulnerabilities in Adobe Connect versions 2025.9.15, 2025.8.157, and earlier versions. These vulnerabilities allow attackers to execute arbitrary code on the affected system. This can occur when users interact with malicious URLs or compromised web pages. The first...

CVSS 9.6 | AI score 6.3 | EPSS 0.00635
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:18 a.m., 8 views

Vulnerabilities handled in Adobe Illustrator

Adobe has identified several vulnerabilities in Adobe Illustrator versions 29.8.6, 30.3, and earlier. These vulnerabilities lie in the way Adobe Illustrator processes specially crafted files. There are issues with out-of-bounds write operations, NULL pointer dereferences, out-of-bounds reads, and...

CVSS 7.8 | AI score 6 | EPSS 0.00174
Exploits: 0 | References: 1

NCSC
added 2026/05/13 9:17 a.m., 11 views

Vulnerability fixed in Cisco Crosswork Network Controller

Cisco has identified a vulnerability in the Cisco Crosswork Network Controller. This vulnerability involves a denial-of-service attack that can be exploited by unauthorized external attackers. The attack involves overwhelming the system with a large number of connection requests, causing services...

AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 1

NCSC
added 2026/05/13 7:14 a.m., 25 views

Vulnerabilities in Microsoft Edge (Chromium)

Microsoft has identified a number of vulnerabilities in the Edge browser Chromium. These vulnerabilities are located in the code base of Chrome and were previously disclosed by Google. Microsoft incorporates these vulnerabilities into the Edge browser and distributes the updates automatically...

CVSS 9.6 | AI score 6 | EPSS 0.01135
Exploits: 0

NCSC
added 2026/05/13 6:33 a.m., 28 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various OT-products. These include products from the Siemens RUGGEDCOM, SCALANCE, SIMATIC, SIMIT, SINAMICS, SIPROTEC, SENTRON, and Solid Edge product families. The vulnerabilities enable malicious actors to carry out attacks that can cause the following...

CVSS 9.8 | AI score 7.2 | EPSS 0.73974
Exploits: 39 | References: 17

NCSC
added 2026/05/12 5:53 p.m., 9 views

The vulnerability was exploited in Microsoft SQL Server

Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...

CVSS 8.8 | AI score 6.2 | EPSS 0.00555
Exploits: 0

NCSC
added 2026/05/12 5:53 p.m., 10 views

Vulnerabilities in Microsoft Dynamics

Microsoft has addressed vulnerabilities in various components of Dynamics. A malicious individual with access can exploit these vulnerabilities to gain elevated privileges, execute arbitrary code, and/or access sensitive data. The vulnerability with ID CVE-2026-33821 has been addressed by...

CVSS 9.9 | AI score 6.1 | EPSS 0.01194
Exploits: 0

NCSC
added 2026/05/12 5:53 p.m., 12 views

Vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products. A malicious individual can exploit these vulnerabilities to impersonate another user or execute arbitrary code with the victim’s privileges, potentially accessing sensitive data within the context of the victim’s account. For...

CVSS 9.6 | AI score 6.2 | EPSS 0.04421
Exploits: 0

NCSC
added 2026/05/12 5:53 p.m., 8 views

Vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

CVSS 10 | AI score 6.2 | EPSS 0.01177
Exploits: 0

NCSC
added 2026/05/12 5:53 p.m., 9 views

Vulnerabilities in Microsoft Azure

Microsoft has identified vulnerabilities in various Azure components. A malicious individual could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, and potentially access sensitive data. The vulnerabilities with IDs CVE-2026-40379,...

CVSS 10 | AI score 6.3 | EPSS 0.05091
Exploits: 0

NCSC
added 2026/05/12 12:21 p.m., 17 views

Vulnerabilities found in various SAP products

SAP has identified vulnerabilities in the following SAP products: SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server for ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scoreca...

CVSS 9.6 | AI score 6.9 | EPSS 0.01398
Exploits: 1 | References: 1

NCSC
added 2026/05/12 12:19 p.m., 10 views

Vulnerabilities found in Apple macOS

Apple has addressed several vulnerabilities in various versions of macOS including Sequoia, Sonoma, and Tahoe versions. These vulnerabilities involve memory management issues such as buffer overflows, use-after-free errors, out-of-bounds reads and writes, and integer overflows. These...

CVSS 8.8 | AI score 6.8 | EPSS 0.07112
Exploits: 3 | References: 3

NCSC
added 2026/05/12 12:18 p.m., 12 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has addressed several vulnerabilities in various versions of iOS and iPadOS. These vulnerabilities involve incorrect memory management mechanisms, such as use-after-free, buffer overflows, out-of-bounds reads and writes, race conditions, type confusion, null pointer dereferences, and...

CVSS 8.8 | AI score 7.2 | EPSS 0.07112
Exploits: 3 | References: 5

NCSC
added 2026/05/11 6:38 a.m., 20 views

Vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

CVSS 9.8 | AI score 6.4 | EPSS 0.93107
Exploits: 7 | References: 2

NCSC
added 2026/05/08 1:8 p.m., 8 views

Vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

CVSS 8.8 | AI score 6.2 | EPSS 0.00696
Exploits: 0 | References: 1

NCSC
added 2026/05/07 4:17 p.m., 9 views

Vulnerabilities managed in Ivanti Endpoint Manager Mobile

Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...

CVSS 9.8 | AI score 6.3 | EPSS 0.20188
Exploits: 0 | References: 1

NCSC
added 2026/05/06 11:33 a.m., 8 views

Vulnerabilities in Apache HTTP Server

The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...

CVSS 9.8 | AI score 7.9 | EPSS 0.06759
Exploits: 18 | References: 1

NCSC
added 2026/05/06 9:18 a.m., 6 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

CVSS 9.8 | AI score 6 | EPSS 0.05633
Exploits: 0 | References: 1

NCSC
added 2026/05/06 8:42 a.m., 7 views

Vulnerability handling in Palo Alto Networks PAN-OS

Palo Alto Networks has identified a vulnerability in PAN-OS, specifically in the User-ID Authentication Portal component of the PA-Series and VM-Series firewalls. The vulnerability involves a buffer overflow in the User-ID Authentication Portal, allowing unauthenticated attackers to execute...

CVSS 9.8 | AI score 6.7 | EPSS 0.3176
Exploits: 6 | References: 1

NCSC
added 2026/05/01 6:13 a.m., 5 views

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algif_aead crypto module of the cryptographic subsystem. This vulnerability resides in the algif_aead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

CVSS 7.8 | AI score 6.8 | EPSS 0.94016
Exploits: 227 | References: 1

NCSC
added 2026/04/30 8:0 a.m., 5 views

Vulnerability handling functions in cPanel and WHM

cPanel has identified a vulnerability in its cPanel and WHM products, including versions after 11.40 and before the specific patched releases. The vulnerability involves an authentication bypass that occurs due to the injection of CRLF characters in session files, allowing attackers to impersonat...

CVSS 9.8 | AI score 6 | EPSS 0.90543
Exploits: 63 | References: 1

NCSC
added 2026/04/29 8:12 a.m., 6 views

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

CVSS 10 | AI score 6.1 | EPSS 0.05133
Exploits: 1 | References: 9

NCSC
added 2026/04/23 11:21 a.m., 6 views

Vulnerabilities handled in GitLab EE and CE

GitLab Inc. has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, particularly in versions ranging from 9.2 to 18.11.1, including various 18.x releases. These vulnerabilities affect various components of GitLab, such as the discussions endpoint, GraphQL AP...

CVSS 8.1 | AI score 5.8 | EPSS 0.00407
Exploits: 0 | References: 1

NCSC
added 2026/04/22 2:10 p.m., 5 views

Vulnerabilities in Oracle PeopleSoft

Oracle has identified vulnerabilities in Oracle PeopleSoft. These vulnerabilities enable unauthorized attackers to gain access to sensitive data and modify it. In some cases, these vulnerabilities can even lead to a denial-of-service attack on the affected products. Oracle has released updates to...

CVSS 8.9 | AI score 7 | EPSS 0.48666
Exploits: 10 | References: 1

NCSC
added 2026/04/22 12:56 p.m., 2 views

Vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

CVSS 9.8 | AI score 6.7 | EPSS 0.01916
Exploits: 4 | References: 1

NCSC
added 2026/04/22 12:46 p.m., 2 views

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified vulnerabilities in Enterprise Manager Base Platform 13.5, 24.1. These vulnerabilities enable unauthorized attackers to gain unauthorized access, or they can lead to a denial-of-service attack via HTTP. Oracle has released updates for Enterprise Manager Base Platform to addre...

CVSS 9.1 | AI score 6.8 | EPSS 0.00743
Exploits: 1 | References: 1

NCSC
added 2026/04/22 11:33 a.m., 4 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

CVSS 9.1 | AI score 7.1 | EPSS 0.00413
Exploits: 0 | References: 2

NCSC
added 2026/04/22 9:40 a.m., 4 views

The vulnerability exploited in Microsoft’s ASP.NET Core framework

Microsoft has identified a vulnerability in ASP.NET Core. This vulnerability arises due to incorrect verification of cryptographic signatures within ASP.NET Core. As a result, an unauthorized attacker can elevate their privileges by circumventing security checks and gaining unauthorized access wi...

CVSS 9.1 | AI score 6 | EPSS 0.1035
Exploits: 0 | References: 1

NCSC
added 2026/04/17 8:37 a.m., 3 views

Lack of vulnerability awareness in Cisco WebEx Services

Cisco has identified a vulnerability in Cisco Webex Services, specifically in the SSO integration with Control Hub. The vulnerability lies in the incorrect validation of certificates during the SSO integration of Cisco Webex Services through Control Hub. An unauthenticated external attacker can...

CVSS 9.8 | AI score 6 | EPSS 0.0052
Exploits: 0 | References: 1

NCSC
added 2026/04/15 12:23 p.m., 5 views

Vulnerabilities in Fortinet FortiSandbox

Fortinet has identified several vulnerabilities in FortiSandbox, including those in on-premises versions and FortiSandbox Cloud. Two of these vulnerabilities are classified as critical by Fortinet. Malicious actors can exploit these vulnerabilities through CVE-2026-39813 and CVE-2026-39808. In...

CVSS 9.8 | AI score 6 | EPSS 0.66168
Exploits: 7 | References: 5

NCSC
added 2026/04/15 12:20 p.m., 13 views

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

CVSS 8.1 | AI score 6.2 | EPSS 0.00901
Exploits: 0 | References: 3

NCSC
added 2026/04/15 8:54 a.m., 12 views

Microsoft Defender’s inability to address vulnerabilities

Microsoft has identified a vulnerability in System Center. A malicious individual could exploit this vulnerability by allowing Windows Defender to apply insufficient access control, thereby enabling an authorized attacker to escalate their privileges locally. UPDATE If Microsoft Defender...

CVSS 7.8 | AI score 6.4 | EPSS 0.06216
Exploits: 3

NCSC
added 2026/04/15 8:53 a.m., 7 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

CVSS 9.8 | AI score 7.2 | EPSS 0.21074
Exploits: 15

NCSC
added 2026/04/14 7:24 p.m., 5 views

Vulnerabilities in Microsoft SQL Server

Microsoft has addressed vulnerabilities in SQL Server. A malicious individual could exploit these vulnerabilities by having SQL Server improperly neutralize inputs and dereference untrusted pointers. This could allow an authorized attacker to gain elevated privileges locally or execute code...

CVSS 8.8 | AI score 6 | EPSS 0.00659
Exploits: 0

NCSC
added 2026/04/14 7:23 p.m., 5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit these vulnerabilities by having multiple Azure and Microsoft components fail to validate input adequately or process untrusted data insecurely, allowing an authorized attacker to increase privileges...

CVSS 8.8 | AI score 5.8 | EPSS 0.01928
Exploits: 0

NCSC
added 2026/04/14 7:20 p.m., 6 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to bypass security measures, impersonate another user and thus gain elevated privileges and access to sensitive data. For successful abuse, the malicious party must trick the victim...

CVSS 8.4 | AI score 6.2 | EPSS 0.25082
Exploits: 1

NCSC
added 2026/04/14 7:18 p.m., 6 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

CVSS 7.8 | AI score 5.7 | EPSS 0.0111
Exploits: 0

NCSC
added 2026/04/14 12:55 p.m., 5 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

CVSS 9.9 | AI score 5.9 | EPSS 0.00501
Exploits: 2 | References: 1

NCSC
added 2026/04/14 11:37 a.m., 9 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Analytics Toolkit, Ruggedcom, Industrial Edge Management Pro, SIDIS and TPM. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS -...

CVSS 9.8 | AI score 7.3 | EPSS 0.70561
Exploits: 7 | References: 8

NCSC
added 2026/04/13 9:38 a.m., 1 views

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Acrobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...

CVSS 8.6 | AI score 6.4 | EPSS 0.07086
Exploits: 4 | References: 2

Total number of security vulnerabilities: 4179