Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator, specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop, specifically for versions 21.0, 19.5.5 and earlier. The vulnerabilities include an improperly initialized pointer that leads to arbitrary code execution, a heap-based buffer overflow that also enables arbitrary code execution without further use...
Vulnerabilities fixed in Adobe Dreamweaver Desktop
Adobe has fixed vulnerabilities in Dreamweaver Desktop versions 21.6 and earlier. The vulnerabilities are in the way Dreamweaver Desktop validates input. This can lead to unauthorized file manipulation and execution of arbitrary code. Exploitation of these vulnerabilities requires user interactio...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model (COM) objects is an architecture for developers to develop...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS and Telecontrol Server. The vulnerabilities potentially enable a malicious person to carry out attacks that could result in the following categories of damage: - Denial-of-Service (DoS) ...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Trend Micro Apex Central. The vulnerabilities are in the way Trend Micro Apex Central handles certain input. An attacker can cause a denial-of-service (DoS) without authentication by using an unverified NULL return value. In addition, malicious actors can ga...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...
Vulnerability fixed in n8n
n8n has fixed a vulnerability in versions below 1.121.0. The vulnerability allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...
Vulnerabilities fixed in Hanwha camera systems
Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and a hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...
Vulnerability fixed in SmarterMail
SmarterTools has fixed a vulnerability in SmarterMail. The vulnerability allows an unauthenticated remote malicious person to upload arbitrary files to the mail server. In this way, the malicious party can, among other things, execute code on the vulnerable mail server and access data stored on i...
Vulnerabilities fixed in QNAP operating systems
QNAP has fixed vulnerabilities in QTS and QuTS hero. The vulnerabilities include a critical flaw in argument separator processing, a NULL pointer dereference that can lead to denial-of-service (DoS) attacks, an SQL injection that enables unauthorized code execution, and an authentication bypass that...
Vulnerability fixed in MongoDB
MongoDB developers have fixed a vulnerability in MongoDB. The vulnerability with reference CVE-2025-14847 allows an unauthenticated remote attacker to read uninitialized heap memory. It is caused by improperly processing length parameters in Zlib-compressed protocol headers. Misuse of the...
Vulnerability fixed in HPE OneView Software
HPE has fixed a vulnerability in the HPE OneView Software. The vulnerability is in the way the OneView Software handles remote requests. When HPE OneView Software is accessible over the Internet, unauthenticated remote users can execute code. This could allow attackers to gain control of affected...
Vulnerabilities fixed in Foxit PDF Reader
Foxit has fixed vulnerabilities in Foxit PDF Reader, specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...
Vulnerability fixed in WatchGuard Firebox
A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability CVE-2025-14733 involves an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN IKEv2 and the Branch Office VPN IKEv2 when...
Vulnerability in Cisco AsyncOS
Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2. The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3 and macOS Tahoe 26.2. The vulnerabilities covered a wide range of issues, including memory corruption, logging problems, and unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicio...
Vulnerabilities fixed in React Server Components
Meta has fixed vulnerabilities in React Server Components (Parcel, Turbopack and Webpack), specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...
Vulnerabilities fixed in SAP Software
SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...
Vulnerability fixed in GeoServer
OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitization of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...
Vulnerability fixed in Barracuda Service Center
Barracuda has fixed a vulnerability in Barracuda Service Center, specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager, specifically for versions prior to 2024 SU4 SR1. The vulnerabilities are located in several components of Ivanti Endpoint Manager. The first vulnerability involves a stored XSS vulnerability that allows unauthenticated attackers to execute...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting (XSS), which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in several versions of Acrobat Reader. The vulnerabilities include an untrusted search path that allows attackers to execute arbitrary code by manipulating the application's search paths. In addition, there are vulnerabilities related to the improper verification o...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion, specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive data. Successful exploitation requires the malicious...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code (root/admin privileges) - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities include several issues, including the ability for low-privileged users to create unauthorized dashboards, access sensitive information via mobile notifications, and the injection of ANSI escape...
Vulnerabilities fixed in React Server Components
React has fixed vulnerabilities in certain versions of React Server Components, specifically for versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0. An unauthenticated attacker can send a rogue HTTP request to any Server Function endpoint that, when processed by React, can lead to remote code execution on...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung Mobile. The vulnerabilities are primarily related to improper input validation, which can result in system crashes and remote denial of service attacks via malicious base stations...
Vulnerabilities fixed in Mattermost
Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE) versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service (DoS) conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...
Vulnerabilities fixed in SonicWall Email Security appliances
SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities are in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute uncontrolled code or gain...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer, specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery (SSRF). This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...
Vulnerabilities fixed in Arista EOS
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities are related to the processing of malformed messages, which can lead to system crashes and denial-of-service conditions. High-privileged attackers can exploit these vulnerabilities, leading to severe operational...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in multiple versions of FortiOS. The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote,...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome, specifically for versions prior to 142.0.7444.175. The vulnerabilities are in Google Chrome's V8 engine and allow remote attackers to exploit heap corruption via specially crafted HTML pages, which can lead to unauthorized actions, such as access to...
Vulnerabilities fixed in Cisco Unified Contact Center Express
Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express (CCX). The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileg...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...
Vulnerabilities fixed in Zoom Workplace and Zoom Clients
Zoom has fixed vulnerabilities in Zoom Workplace and Zoom Clients, specifically for versions prior to 6.5.10. The vulnerabilities include improper validation of certificates, cross-site scripting, and improper handling of sensitive information, which can lead to unauthorized access and information...