Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...
Vulnerability fixed in Dell RecoverPoint for Virtual Machines
Dell has fixed a vulnerability in Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. The vulnerability resides in hard-coded login credentials present in the software. This allows unauthenticated attackers on the same network to gain unauthorized access to the system. This coul...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities included several problems such as memory corruption, buffer overflow, and use-after-free, which could lead to unauthorized access to sensitive data, unexpected process crashes and other stability issues. The vulnerabilitie...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS, including versions Sequoia 15.7.4, Tahoe 26.3 and Sonoma 14.8.4. The vulnerabilities include memory corruption issues, unauthorized access to sensitive user data, and logging issues that could lead to unauthorized access to location information. The updat...
Vulnerability fixed in BeyondTrust Remote Support
BeyondTrust has fixed a vulnerability in BeyondTrust Remote Support and some older versions of Privileged Remote Access. The vulnerability is in the software's pre-authentication, which allows unauthenticated attackers to execute operating system commands by sending specially crafted requests to...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an authentication bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...
Vulnerabilities fixed in Fortinet FortiSandbox, FortiAuthenticator and FortiClient
Fortinet has fixed vulnerabilities in FortiSandbox versions 4.4.8 and 5.0.5, FortiAuthenticator versions 6.3 to 6.6.6 and FortiClient versions 7.0, 7.2 and 7.4. The vulnerability in FortiSandbox involves cross-site scripting, which allows unauthenticated attackers to execute arbitrary commands vi...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office components. A malicious party could exploit the vulnerabilities to bypass security measures, pretend to be another user and thus gain elevated privileges and access to sensitive data. For successful exploitation, the malicious party must trick the...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Visual Studio and .NET components. A malicious party could exploit the vulnerabilities to bypass security measures, grant themselves elevated privileges and potentially execute arbitrary code with the victim's privileges. For successful abuse, the...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange Server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Accessing sensitive data - Execution of arbitrary code (user privileges) -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP CRM, SAP S/4HANA, SAP NetWeaver Application Server ABAP, SAP Supply Chain Management, SAP BusinessObjects BI Platform, SAP Document Management System, SAP Commerce Cloud, and SAP Business Workflow. The vulnerabilities include code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Desigo, NX, Polarion, SENTRON, Simcenter, SINEC, SIPORT, Siveillance, Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service D...
Vulnerability fixed in PEAR
PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the preg_replace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...
Vulnerabilities fixed in n8n
n8n has fixed vulnerabilities in versions 1.114.3, 1.115.0, 1.123.17, 2.5.2, 1.122.5, 1.123.2, 1.123.18, 2.5.0, 1.123.10, 2.5.0, 2.2.1, 1.123.9, 1.123.12, 2.4.0, 1.118.0, 2.4.0, 2.4.8, and 1.120.3. The vulnerabilities include the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow, which can lea...
Vulnerabilities fixed in Samsung mobile
Samsung has fixed vulnerabilities in several software components, including Emergency Sharing, KnoxGuard Manager, Settings, PACM, FacAtFunction, ShortcutService and Samsung Dialer, specific to the SMR Feb-2026 Release 1. The vulnerabilities are related to improper access management, improper...
Vulnerability fixed in SmarterTools SmarterMail
SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...
Vulnerability fixed in Cisco TelePresence Collaboration Endpoint
Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is that the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service (DoS) and affecti...
Vulnerabilities fixed in SolarWinds Web Help Desk
SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...
Vulnerability fixed in Fortinet products
Fortinet has fixed a vulnerability in FortiAnalyzer, FortiManager, FortiOS and FortiProxy products. The vulnerability is in specific implementations of FortiCloud SSO authentication. The vulnerability allows attackers with a registered device and a FortiCloud account to bypass authentication and...
Zero-day vulnerability fixed in Microsoft Office
Microsoft has fixed a zero-day vulnerability in Microsoft Office. The vulnerability is in the way Microsoft Office handles untrusted input, which allows attackers to bypass security features locally. This can affect the integrity of security decisions made by the software. The reliance on untruste...
Vulnerability fixed in BIND 9
ISC has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...
Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition
GitLab has fixed vulnerabilities in Community Edition (CE) and Enterprise Edition (EE) for versions 18.6.4, 18.7.2, and 18.8.2. Malicious parties can exploit the vulnerabilities to cause a denial-of-service (DoS), or potentially gain access to sensitive data by bypassing security measures. GitLab has...
Vulnerabilities fixed in Cisco Unified Communications products
Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...
Vulnerability fixed in Palo Alto Networks PAN-OS
Palo Alto Networks has fixed a vulnerability in PAN-OS. The vulnerability is in the way PAN-OS handles certain requests. Unauthenticated attackers can cause a denial-of-service (DoS) by repeatedly sending requests, which can cause the firewall to go into maintenance mode, disrupting normal...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, which use Oracle middleware products such as the Oracle Utilities Application Framework, WebLogic Server, Data Integrator and Business Intelligence Enterprise Edition. These vulnerabilities allow unauthenticated attackers to perform a deni...
Vulnerability fixed in GNU Inetutils telnetd
Security researchers have found a vulnerability in Inetutils telnetd version 2.7. This vulnerability has been present since version 1.9.3, which came out in 2015, according to the researchers. The vulnerability is in the way the telnetd service handles the USER environment variable. By setting th...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several Oracle MySQL components. The vulnerabilities allow highly privileged attackers to remotely exploit the server, which can lead to server crashes and denial of service. This problem can be exploited by attackers with network access, underscoring the need...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in Oracle JD Edwards EnterpriseOne Tools. The vulnerabilities in Oracle JD Edwards EnterpriseOne Tools allow unauthenticated attackers to access critical data and compromise systems. Oracle has released updates to address the vulnerabilities. See attached referenc...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE. The vulnerabilities, particularly in the JavaFX component, allow unauthenticated attackers to compromise systems through untrusted code, which can lead to denial-of-service (DoS) attacks and unauthorized access to sensitive data. Exploitation of...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several subcomponents of Hyperion products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Business Intelligence Enterprise Edition. The vulnerabilities allow unauthenticated attackers to cause a denial-of-service, or can lead to unauthorized access and modification of critical data. Oracle has released updates to fix the vulnerability. See...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service (DoS) attacks, and compromise the...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Oracle Enterprise Manager Base Platform and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated attackers to gain unauthorized access, or can lead to a partial denial-of-service over HTTP. Oracle has released updates to fix the...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in several products, including Oracle Banking Liquidity Management, Oracle Financial Services Model Management and Oracle FLEXCUBE. The vulnerabilities in the Oracle products allow unauthenticated attackers to gain access to sensitive data and perpetrate...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft. The vulnerabilities allow unauthenticated attackers to access and modify sensitive data. This can lead to unauthorized access and modifications to critical data, with CVSS scores ranging from 5.4 to 10.0, indicating moderate to significant ri...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Oracle Communications products. The vulnerabilities allow attackers to gain unauthorized access to the system, which can lead to data manipulation and partial denial-of-service. Attackers can exploit these vulnerabilities via HTTP requests, potentially resultin...
Vulnerabilities fixed in Oracle Database Server products
Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several products, including Oracle WebLogic Server and Oracle Commerce products. The vulnerabilities allow unauthenticated attackers to cause partial denial-of-service over HTTP. This can lead to system downtime and service disruption. In addition, there is a...
Vulnerability fixed in Fortinet FortiSIEM
Fortinet has fixed a vulnerability in FortiSIEM versions 6.7.0 to 7.4.0. The vulnerability is in the way FortiSIEM handles TCP requests. Unauthenticated attackers can exploit this vulnerability to execute unauthorized code or commands through specially crafted TCP requests. This can lead to...
Vulnerabilities fixed in TYPO3 CMS
TYPO3 has fixed vulnerabilities in TYPO3 CMS, specific to certain versions. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...
Vulnerabilities fixed in Juniper Networks Junos OS
Juniper has fixed vulnerabilities in Junos OS, specifically for SRX and MX Series devices. The vulnerabilities in Junos OS include clickjacking, denial-of-service (DoS) by malformed packets, and vulnerabilities that can be exploited by unauthenticated attackers. These...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in AOS-8 and AOS-10. The vulnerabilities are in the Web management interfaces of the AOS-8 and AOS-10 systems. These vulnerabilities include arbitrary file deletion, stack overflow, command injection, and improper input handling. A malicious party can...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed a vulnerability in FortiOS, FortiSASE and FortiSwitchManager specifically. The vulnerability is located in the cwacd daemon in FortiOS and FortiSwitchManager. This daemon is vulnerable to exploitation by remote, unauthenticated attackers. By sending specially crafted packets or...