Lucene search
K

4197 matches found

NCSC
NCSC
•added 2026/01/21 10:12 a.m.•14 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in several Oracle MySQL components. The vulnerabilities allow highly privileged attackers to remotely exploit the server, which can lead to server crashes and denial of service. This problem can be exploited by attackers with network access, underscoring the need...

7.7CVSS5.7AI score0.73495EPSS
Exploits8References1
NCSC
NCSC
•added 2026/01/21 10:12 a.m.•17 views

Vulnerabilities fixed in Oracle JD Edwards

Oracle has fixed vulnerabilities in Oracle JD Edwards EnterpriseOne Tools. The vulnerabilities in Oracle JD Edwards EnterpriseOne Tools allow unauthenticated attackers to access critical data and compromise systems. Oracle has released updates to address the vulnerabilities. See attached referenc...

8.1CVSS6.7AI score0.26049EPSS
Exploits6References1
NCSC
NCSC
•added 2026/01/21 10:11 a.m.•16 views

Vulnerabilities fixed in Oracle Java

Oracle has fixed vulnerabilities in Oracle Java SE. The vulnerabilities, particularly in the JavaFX component, allow unauthenticated attackers to compromise systems through untrusted code, which can lead to denial of service DoS attacks and unauthorized access to sensitive data. Exploitation of...

8.8CVSS5.6AI score0.01067EPSS
Exploits4References1
NCSC
NCSC
•added 2026/01/21 10:10 a.m.•9 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in several subcomponents of Hyperon products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...

9.1CVSS6.6AI score0.26049EPSS
Exploits2References1
NCSC
NCSC
•added 2026/01/21 10:10 a.m.•11 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed vulnerabilities in Oracle Business Intelligence Enterprise Edition. The vulnerabilities allow unauthenticated attackers to cause a Denial-of-Service, or can lead to unauthorized access and modification of critical data. Oracle has released updates to fix the vulnerability. See...

9.8CVSS6.5AI score0.06215EPSS
Exploits1References1
NCSC
NCSC
•added 2026/01/21 10:8 a.m.•22 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service DoS attacks, and compromise the...

10CVSS6.8AI score0.99999EPSS
Exploits38References1
NCSC
NCSC
•added 2026/01/21 10:6 a.m.•13 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has fixed vulnerabilities in Oracle Enterprise Manager Base Platform and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated attackers to gain unauthorized access, or can lead to a partial denial-of-service over HTTP. Oracle has released updates to fix the...

7.2CVSS8.4AI score0.02164EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/21 9:55 a.m.•15 views

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed vulnerabilities in several products, including Oracle Banking Liquidity Management, Oracle Financial Services Model Management and Oracle FLEXCUBE. The vulnerabilities in the Oracle products allow unauthenticated attackers to gain access to sensitive data and perpetrate...

9.3CVSS6.8AI score0.64718EPSS
Exploits5References1
NCSC
NCSC
•added 2026/01/21 9:29 a.m.•8 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...

9.3CVSS7.6AI score0.01548EPSS
Exploits1References1
NCSC
NCSC
•added 2026/01/21 9:27 a.m.•14 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft. The vulnerabilities allow unauthenticated attackers to access and modify sensitive data. This can lead to unauthorized access and modifications to critical data, with CVSS scores ranging from 5.4 to 10.0, indicating moderate to significant ri...

10CVSS6.5AI score0.79807EPSS
Exploits15References1
NCSC
NCSC
•added 2026/01/21 9:25 a.m.•14 views

Vulnerabilities fixed in Oracle Communications products

Oracle has fixed vulnerabilities in Oracle Communications products. The vulnerabilities allow attackers to gain unauthorized access to the system, which can lead to data manipulation and partial denial-of-service. Attackers can exploit these vulnerabilities via HTTP requests, potentially resultin...

10CVSS6.8AI score0.86767EPSS
Exploits34References1
NCSC
NCSC
•added 2026/01/21 9:19 a.m.•9 views

Vulnerabilities fixed in Oracle Database Server products

Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...

10CVSS6.9AI score0.38701EPSS
Exploits12References1
NCSC
NCSC
•added 2026/01/21 9:18 a.m.•14 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in several products, including Oracle WebLogic Server and Oracle Commerce products The vulnerabilities allow unauthenticated attackers to cause partial denial-of-service over HTTP. This can lead to system downtime and service disruption. In addition, there is a...

10CVSS7.3AI score0.79807EPSS
Exploits6References1
NCSC
NCSC
•added 2026/01/16 1:34 p.m.•11 views

Vulnerability fixed in Fortinet FortiSIEM

Fortinet has fixed a vulnerability in FortiSIEM Versions 6.7.0 to 7.4.0. The vulnerability is in the way FortiSIEM handles TCP requests. Unauthenticated attackers can exploit this vulnerability to execute unauthorized code or commands through specially crafted TCP requests. This can lead to...

9.8CVSS7.4AI score0.42649EPSS
Exploits4References1
NCSC
NCSC
•added 2026/01/16 10:11 a.m.•43 views

Vulnerabilities fixed in TYPO3 CMS

TYPO3 has fixed vulnerabilities in TYPO3 CMS Specific to certain versions. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...

8.1CVSS7.4AI score0.0038EPSS
Exploits0References4
NCSC
NCSC
•added 2026/01/16 10:7 a.m.•21 views

Vulnerabilities fixed in Juniper Networks JunOS

Juniper has fixed vulnerabilities in Junos OS Specifically for SRX and MX Series devices. The vulnerabilities in Junos OS include several issues, including clickjacking, denial-of-service DoS by malformed packets, and vulnerabilities that can be exploited by unauthenticated attackers. These...

8.7CVSS7.9AI score0.00809EPSS
Exploits0References20
NCSC
NCSC
•added 2026/01/16 9:44 a.m.•11 views

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in AOS-8 and AOS-10. The vulnerabilities are in the Web management interfaces of the AOS-8 and AOS-10 systems. These vulnerabilities include arbitrarily file deletion, stack overflow, command injection, and improper input handling. A malicious party can...

9.1CVSS7.8AI score0.01245EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/15 12:31 p.m.•13 views

Vulnerability fixed in Fortinet FortiOS

Fortinet has fixed a vulnerability in FortiOS FortiSASE and FortiSwitchManager specifically. The vulnerability is located in the cwacd daemon in FortiOS and FortiSwitchManager. This daemon is vulnerable to exploitation by remote, unauthenticated attackers. By sending specially crafted packets or...

9.8CVSS8AI score0.00746EPSS
Exploits1References1
NCSC
NCSC
•added 2026/01/15 12:16 p.m.•8 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...

8.6CVSS8AI score0.00221EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/14 1:45 p.m.•7 views

Vulnerabilities fixed in Adobe InDesign Desktop

Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions 21.0, 19.5.5 and earlier. The vulnerabilities include an improperly initialized pointer that leads to arbitrary code execution, a heap-based buffer overflow that also enables arbitrary code execution without further use...

7.8CVSS8.1AI score0.00238EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/14 1:41 p.m.•8 views

Vulnerabilities fixed in Adobe Dreamweaver Desktop

Adobe has fixed vulnerabilities in Dreamweaver Desktop Versions 21.6 and earlier. The vulnerabilities are in the way Dreamweaver Desktop validates input. This can lead to unauthorized file manipulation and execution of arbitrary code. Exploitation of these vulnerabilities requires user interactio...

8.6CVSS7.3AI score0.00716EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/13 7:19 p.m.•9 views

Vulnerability fixed in Microsoft Developer Tools

Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model COM objects is an architecture for developers to develop...

7CVSS7.5AI score0.0034EPSS
Exploits0
NCSC
NCSC
•added 2026/01/13 7:17 p.m.•72 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...

7.8CVSS7.1AI score0.00776EPSS
Exploits0
NCSC
NCSC
•added 2026/01/13 7:17 p.m.•7 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

7.2CVSS7.4AI score0.01242EPSS
Exploits0
NCSC
NCSC
•added 2026/01/13 2:42 p.m.•25 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...

9.9CVSS8.2AI score0.00878EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/13 12:5 p.m.•22 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS and Telecontrol Server. The vulnerabilities potentially enable a malicious person to carry out attacks that could result in the following categories of damage: - Denial-of-Service DoS ...

10CVSS7.6AI score0.00601EPSS
Exploits0References5
NCSC
NCSC
•added 2026/01/09 11:14 a.m.•7 views

Vulnerabilities fixed in Trend Micro Apex Central

Trend Micro has fixed vulnerabilities in Trend Micro Apex Central. The vulnerabilities are in the way Trend Micro Apex Central handles certain input. An attacker can cause a denial-of-service DoS without authentication by using an unverified NULL return value. In addition, malicious actors can ga...

9.8CVSS8AI score0.0322EPSS
Exploits3References1
NCSC
NCSC
•added 2026/01/09 11:11 a.m.•7 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...

9.6CVSS6.5AI score0.0062EPSS
Exploits0References1
NCSC
NCSC
•added 2026/01/08 12:34 p.m.•9 views

Vulnerability fixed in n8n

N8n has fixed a vulnerability in versions below 1.121.0. The vulnerability in allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...

10CVSS6.6AI score0.71647EPSS
Exploits18References2
NCSC
NCSC
•added 2026/01/08 12:28 p.m.•16 views

Vulnerabilities fixed in Hanwha camera systems

Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...

9.3CVSS7.1AI score0.00369EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/31 2:29 p.m.•9 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...

7.2CVSS6.5AI score0.19769EPSS
Exploits1References1
NCSC
NCSC
•added 2025/12/31 2:19 p.m.•11 views

Vulnerability fixed in SmarterMail

SmarterTools has fixed a vulnerability in SmarterMail. The vulnerability allows an unauthenticated remote malicious person to upload arbitrary files to the mail server. In this way, the malicious party can, among other things, execute code on the vulnerable mail server and access data stored on i...

10CVSS7.6AI score0.85457EPSS
Exploits15References1
NCSC
NCSC
•added 2025/12/29 9:17 a.m.•6 views

Vulnerabilities fixed in QNAP operating systems

QNAP has fixed vulnerabilities in QTS and QuTS hero The vulnerabilities include a critical flaw in argument separator processing, a NULL pointer dereference that can lead to denial-of-service DoS attacks, an SQL injection that enables unauthorized code execution, and an authentication bypass that...

9.8CVSS8.5AI score0.00919EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/27 11:38 a.m.•10 views

Vulnerability fixed in MongoDB

MongoDB developers have fixed a vulnerability in MongoDB. The vulnerability with reference CVE-2025-14847 allows an unauthenticated remote attacker to read uninitialized heap memory. It is caused by improperly processing length parameters in Zlib-compressed protocol headers. Misuse of the...

8.7CVSS6.7AI score0.83007EPSS
Exploits39References2
NCSC
NCSC
•added 2025/12/24 11:29 a.m.•11 views

Vulnerability fixed in HPE OneView Software

HPE has fixed a vulnerability in the HPE OneView Software. The vulnerability is in the way the OneView Software handles remote requests. When HPE OneView Software is accessible over the Internet, unauthenticated remote users can execute code. This could allow attackers to gain control of affected...

10CVSS7.3AI score0.89733EPSS
Exploits8References1
NCSC
NCSC
•added 2025/12/24 9:14 a.m.•6 views

Vulnerabilities fixed in Foxit PDF Reader

Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...

8.8CVSS7.8AI score0.00255EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/19 11:16 a.m.•16 views

Vulnerability fixed in WatchGuard Firebox

A vulnerability has been fixed in WatchGuard Fireware OS. A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability CVE-2025-14733 involves an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN IKEv2 and the Branch Office VPN IKEv2 when...

9.8CVSS7.6AI score0.18047EPSS
Exploits1References1
NCSC
NCSC
•added 2025/12/17 7:47 p.m.•10 views

Vulnerability in Cisco AsyncOS

Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...

10CVSS6.6AI score0.2906EPSS
Exploits2References1
NCSC
NCSC
•added 2025/12/15 9:8 a.m.•7 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2 The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...

9.8CVSS6.7AI score0.32EPSS
Exploits16References2
NCSC
NCSC
•added 2025/12/15 9:6 a.m.•10 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3 and macOS Tahoe 26.2. The vulnerabilities covered a wide range of issues, including memory corruption, logging problems, and unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicio...

9.8CVSS6.8AI score0.32EPSS
Exploits16References3
NCSC
NCSC
•added 2025/12/12 10:46 a.m.•11 views

Vulnerabilities fixed in React Server Components

Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...

7.5CVSS7.2AI score0.65592EPSS
Exploits13References4
NCSC
NCSC
•added 2025/12/12 9:29 a.m.•11 views

Vulnerabilities fixed in SAP Software

SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...

9.9CVSS7.4AI score0.64718EPSS
Exploits1References1
NCSC
NCSC
•added 2025/12/12 9:2 a.m.•8 views

Vulnerability fixed in GeoServer

OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...

9.8CVSS6.5AI score0.66753EPSS
Exploits4References1
NCSC
NCSC
•added 2025/12/11 1:53 p.m.•7 views

Vulnerability fixed in Barracuda Service Center

Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...

10CVSS7.2AI score0.22791EPSS
Exploits1References2
NCSC
NCSC
•added 2025/12/11 1:51 p.m.•7 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU4 SR1. The vulnerabilities are located in several components of Ivanti Endpoint Manager. The first vulnerability involves a stored XSS vulnerability that allows unauthenticated attackers to execute...

9.6CVSS6.5AI score0.29949EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/11 9:22 a.m.•8 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...

8.7CVSS6.8AI score0.0079EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/10 2:59 p.m.•13 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...

9.3CVSS6.9AI score0.00711EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/10 1:35 p.m.•13 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in several versions of Acrobat Reader. The vulnerabilities include an untrusted search path that allows attackers to execute arbitrary code by manipulating the application's search paths. In addition, there are vulnerabilities related to the improper verification o...

7.8CVSS8.1AI score0.00435EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/10 1:34 p.m.•11 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...

9.1CVSS7.3AI score0.08773EPSS
Exploits0References1
NCSC
NCSC
•added 2025/12/09 6:42 p.m.•8 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...

7.5CVSS6.6AI score0.01021EPSS
Exploits0
Total number of security vulnerabilities4197