4197 matches found
Vulnerability fixed in Microsoft Authenticator app
Microsoft has fixed a vulnerability in the Authenticator app for Android and iOS. A malicious party could exploit the vulnerability to gain access to sensitive data. Successful abuse requires the malicious party to trick the victim into installing a rogue app. This app can then be misused to...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and potentially execute SQL Statements with Sysadmin privileges. For successful abuse, the malicious party must have prior authorizations as a user. Of th...
Vulnerabilities fixed in Microsoft Windows
Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Obtainin...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU5. The vulnerability with attribute CVE-2026-1603 concerns an authentication bypass that allows remote, unauthenticated attackers to gain access to certain stored login credentials, which can lead to...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Heliox, Ruggedcom, SICAM, SIDIS and SIMATIC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerabilities fixed in Cisco Catalyst SD-WAN Manager
Cisco has fixed several vulnerabilities in the Cisco Catalyst SD-WAN Manager. The vulnerabilities are in the peering authentication mechanisms of the Cisco Catalyst SD-WAN Controller and Manager products. These vulnerabilities allow an unauthenticated remote attacker to bypass the authentication...
Vulnerabilities fixed in Kibana
Elastic has fixed vulnerabilities in Kibana. The vulnerabilities are in several components of Kibana. An authenticated user with view-only privileges can exploit an input validation flaw to cause a Denial of Service condition by sending specially crafted, misshapen payloads. This leads to excessi...
Vulnerabilities fixed in Cisco Secure Firewall systems
Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...
Vulnerability fixed in n8n Automation Platform
N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...
Vulnerabilities fixed in VMware Aria Operations
Broadcom has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include privilege escalation, stored cross-site scripting XSS and command injection. The privilege escalation vulnerability could allow an attacker to gain elevated privileges, which could affect system integrity an...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Included in this update are updates to closed-source components from Qualcomm, Imagination Technologies, Unisoc and MediaTek. Samsung has fixed vulnerabilities in Samsung Mobile that are relevant to Samsung mobile devices. A malicious party can exploit...
Vulnerability fixed in Juniper Junos OS Evolved
Juniper has fixed a vulnerability in Junos OS Evolved Specifically for PTX Series devices. The vulnerability is in the On-Box Anomaly detection framework of Junos OS Evolved that runs on PTX Series devices. The cause is an incorrect assignment of permissions that allows unauthenticated remote...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in versions 9.0 to but not including 18.7.5, 18.8 to but not including 18.8.5, and 18.9 to but not including 18.9.1. The vulnerabilities included several Denial of Service DoS and security vulnerabilities that could be exploited by both authenticated and...
Vulnerabilities fixed in SolarWinds Serv-U
SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...
ZeroDay vulnerabilities fixed in Ivanti Endpoint Manager Mobile
Ivanti has fixed two vulnerabilities in Endpoint Manager Mobile EPMM, ok known as MobileIron. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the vulnerable system. Of the vulnerability marked CVE-2026-1281, Ivanti reports that it has been actively...
Vulnerabilities fixed in GitHub Enterprise Server
GitHub has fixed vulnerabilities in GitHub Enterprise Server Specifically for versions before 3.20, 3.19.2, 3.18.5 and 3.17.11. The first vulnerability concerns an authorization issue that allowed attackers to merge unauthorized pull-requests into repositories that provide fork support. The secon...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...
Vulnerability fixed in Dell RecoverPoint for Virtual Machines
Dell has fixed a vulnerability in Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. The vulnerability resides in hard-coded login credentials present in the software. This allows unauthenticated attackers on the same network to gain unauthorized access to the system. This coul...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities included several problems such as memory corruption, buffer overflow, and post-release usage, which could lead to unauthorized access to sensitive data, unexpected process crashes and other stability issues. The vulnerabilitie...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, including versions Sequoia 15.7.4, Tahoe 26.3 and Sonoma 14.8.4. The vulnerabilities include memory corruption issues, unauthorized access to sensitive user data, and logging issues that could lead to unauthorized access to location information. The updat...
Vulnerability fixed in BeyondTrust Remote Support
BeyondTrust has fixed a vulnerability in BeyondTrust Remote Support and some older versions of Privileged Remote Access. The vulnerability is in the software's pre-authentication, which allows unauthenticated attackers to execute operating system commands by sending specially crafted requests to...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...
Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient
Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves Cross-site Scripting, which allows unauthenticated attackers to execute arbitrary commands vi...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious party could exploit the vulnerabilities to bypass security measures, pretend to be another user and thus gain elevated privileges and access to sensitive data. For successful exploitation, the malicious party must trick the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Visual Studio and .NET components. A malicious party could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and potentially execute arbitrary code with the victim's privileges. For successful abuse, the...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Desigo, NX, Polarion, SENTRON, Simcenter, SINEC, SIPORT, Siveillance, Solid Edge, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service D...
Vulnerability fixed in PEAR
PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the pregreplace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...
Vulnerabilities fixed in n8n
n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...
Vulnerabilities fixed in Samsung mobile
Samsung has fixed vulnerabilities in several software components, including Emergency Sharing, KnoxGuard Manager, Settings, PACM, FacAtFunction, ShortcutService and Samsung Dialer, specific to the SMR Feb-2026 Release 1. The vulnerabilities are related to improper access management, improper...
Vulnerability fixed in SmarterTools SmarterMail
SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...
Vulnerability fixed in Cisco TelePresence Collaboration Endpoint
Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is in how the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service DoS and affecti...
Vulnerabilities fixed in SolarWinds Web Help Desk
SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...
Vulnerability fixed in Fortinet products
Fortinet has fixed a vulnerability in FortiAnalyzer, FortiManager, FortiOS and FortiProxy products. The vulnerability is in specific implementations of FortiCloud SSO authentication. The vulnerability allows attackers with a registered device and a FortiCloud account to bypass authentication and...
ZeroDay vulnerability fixed in Microsoft Office
Microsoft has fixed a ZeroDay vulnerability in Microsoft Office. The vulnerability is in the way Microsoft Office handles untrusted input, which allows attackers to bypass security features locally. This can affect the integrity of security decisions made by the software. The reliance on untruste...
Vulnerability fixed in BIND 9
ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...
Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition
GitLab has fixed vulnerabilities in Community Edition CE and Enterprise Edition EE versions for 18.6.4, 18.7.2, and 18.8.2. Malicious parties can exploit the vulnerabilities to cause a denial-of-service DoS, or potentially gain access to sensitive data by bypassing security measures. GitLab has...
Vulnerabilities fixed in Cisco Unified Communications products
Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...
Vulnerability fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS handles certain requests. Unauthenticated attackers can cause a denial-of-service DoS by repeatedly sending requests, which can cause the firewall to go into maintenance mode, disrupting normal...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, which use Oracle middle-ware products such as the Oracle Utilities Application Framework, WebLogic Server, Data Integrator and Business Intelligence Enterprise Edition. These vulnerabilities allow unauthenticated attackers to perform a deni...
Vulnerability fixed in GNU Inetutils telnetd
Security researchers have found a a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3 that came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...