4197 matches found
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several Oracle MySQL components. The vulnerabilities allow highly privileged attackers to remotely exploit the server, which can lead to server crashes and denial of service. This problem can be exploited by attackers with network access, underscoring the need...
Vulnerabilities fixed in Oracle JD Edwards
Oracle has fixed vulnerabilities in Oracle JD Edwards EnterpriseOne Tools. The vulnerabilities in Oracle JD Edwards EnterpriseOne Tools allow unauthenticated attackers to access critical data and compromise systems. Oracle has released updates to address the vulnerabilities. See attached referenc...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE. The vulnerabilities, particularly in the JavaFX component, allow unauthenticated attackers to compromise systems through untrusted code, which can lead to denial of service DoS attacks and unauthorized access to sensitive data. Exploitation of...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several subcomponents of Hyperon products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed vulnerabilities in Oracle Business Intelligence Enterprise Edition. The vulnerabilities allow unauthenticated attackers to cause a Denial-of-Service, or can lead to unauthorized access and modification of critical data. Oracle has released updates to fix the vulnerability. See...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service DoS attacks, and compromise the...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Oracle Enterprise Manager Base Platform and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated attackers to gain unauthorized access, or can lead to a partial denial-of-service over HTTP. Oracle has released updates to fix the...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in several products, including Oracle Banking Liquidity Management, Oracle Financial Services Model Management and Oracle FLEXCUBE. The vulnerabilities in the Oracle products allow unauthenticated attackers to gain access to sensitive data and perpetrate...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite. The vulnerabilities are in several components of Oracle E-Business Suite, including Scripting, Workflow, Applications DBA and Configurator. These vulnerabilities can be exploited by unauthenticated or highly privileged attackers, leadin...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft. The vulnerabilities allow unauthenticated attackers to access and modify sensitive data. This can lead to unauthorized access and modifications to critical data, with CVSS scores ranging from 5.4 to 10.0, indicating moderate to significant ri...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed vulnerabilities in Oracle Communications products. The vulnerabilities allow attackers to gain unauthorized access to the system, which can lead to data manipulation and partial denial-of-service. Attackers can exploit these vulnerabilities via HTTP requests, potentially resultin...
Vulnerabilities fixed in Oracle Database Server products
Oracle has fixed vulnerabilities in Oracle Database Server products. The vulnerabilities in Oracle Database Server allow unauthenticated attackers to compromise the integrity and confidentiality of data. This could lead to unauthorized access to sensitive data and even a possible takeover of the...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several products, including Oracle WebLogic Server and Oracle Commerce products The vulnerabilities allow unauthenticated attackers to cause partial denial-of-service over HTTP. This can lead to system downtime and service disruption. In addition, there is a...
Vulnerability fixed in Fortinet FortiSIEM
Fortinet has fixed a vulnerability in FortiSIEM Versions 6.7.0 to 7.4.0. The vulnerability is in the way FortiSIEM handles TCP requests. Unauthenticated attackers can exploit this vulnerability to execute unauthorized code or commands through specially crafted TCP requests. This can lead to...
Vulnerabilities fixed in TYPO3 CMS
TYPO3 has fixed vulnerabilities in TYPO3 CMS Specific to certain versions. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...
Vulnerabilities fixed in Juniper Networks JunOS
Juniper has fixed vulnerabilities in Junos OS Specifically for SRX and MX Series devices. The vulnerabilities in Junos OS include several issues, including clickjacking, denial-of-service DoS by malformed packets, and vulnerabilities that can be exploited by unauthenticated attackers. These...
Vulnerabilities fixed in Aruba Networks ArubaOS
Aruba Networks has fixed vulnerabilities in AOS-8 and AOS-10. The vulnerabilities are in the Web management interfaces of the AOS-8 and AOS-10 systems. These vulnerabilities include arbitrarily file deletion, stack overflow, command injection, and improper input handling. A malicious party can...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed a vulnerability in FortiOS FortiSASE and FortiSwitchManager specifically. The vulnerability is located in the cwacd daemon in FortiOS and FortiSwitchManager. This daemon is vulnerable to exploitation by remote, unauthenticated attackers. By sending specially crafted packets or...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions 21.0, 19.5.5 and earlier. The vulnerabilities include an improperly initialized pointer that leads to arbitrary code execution, a heap-based buffer overflow that also enables arbitrary code execution without further use...
Vulnerabilities fixed in Adobe Dreamweaver Desktop
Adobe has fixed vulnerabilities in Dreamweaver Desktop Versions 21.6 and earlier. The vulnerabilities are in the way Dreamweaver Desktop validates input. This can lead to unauthorized file manipulation and execution of arbitrary code. Exploitation of these vulnerabilities requires user interactio...
Vulnerability fixed in Microsoft Developer Tools
Microsoft has fixed a vulnerability in Inbox COM Objects. A malicious party could exploit the vulnerability to execute arbitrary code in the context of the vulnerable application without prior authentication. Inbox Component Object Model COM objects is an architecture for developers to develop...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in SAP S/4HANA Private Cloud and On-Premise, SAP Wily Introscope Enterprise Manager, SAP Landscape Transformation, SAP HANA, SAP Application Server for ABAP, SAP NetWeaver, SAP ECC, SAP Fiori App for Intercompany Balance Reconciliation, SAP NetWeaver Application Serv...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Industrial Edge Devices, SCALANCE, SIMATIC, SIPLUS and Telecontrol Server. The vulnerabilities potentially enable a malicious person to carry out attacks that could result in the following categories of damage: - Denial-of-Service DoS ...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Trend Micro Apex Central. The vulnerabilities are in the way Trend Micro Apex Central handles certain input. An attacker can cause a denial-of-service DoS without authentication by using an unverified NULL return value. In addition, malicious actors can ga...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...
Vulnerability fixed in n8n
N8n has fixed a vulnerability in versions below 1.121.0. The vulnerability in allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...
Vulnerabilities fixed in Hanwha camera systems
Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...
Vulnerability fixed in SmarterMail
SmarterTools has fixed a vulnerability in SmarterMail. The vulnerability allows an unauthenticated remote malicious person to upload arbitrary files to the mail server. In this way, the malicious party can, among other things, execute code on the vulnerable mail server and access data stored on i...
Vulnerabilities fixed in QNAP operating systems
QNAP has fixed vulnerabilities in QTS and QuTS hero The vulnerabilities include a critical flaw in argument separator processing, a NULL pointer dereference that can lead to denial-of-service DoS attacks, an SQL injection that enables unauthorized code execution, and an authentication bypass that...
Vulnerability fixed in MongoDB
MongoDB developers have fixed a vulnerability in MongoDB. The vulnerability with reference CVE-2025-14847 allows an unauthenticated remote attacker to read uninitialized heap memory. It is caused by improperly processing length parameters in Zlib-compressed protocol headers. Misuse of the...
Vulnerability fixed in HPE OneView Software
HPE has fixed a vulnerability in the HPE OneView Software. The vulnerability is in the way the OneView Software handles remote requests. When HPE OneView Software is accessible over the Internet, unauthenticated remote users can execute code. This could allow attackers to gain control of affected...
Vulnerabilities fixed in Foxit PDF Reader
Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...
Vulnerability fixed in WatchGuard Firebox
A vulnerability has been fixed in WatchGuard Fireware OS. A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability CVE-2025-14733 involves an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN IKEv2 and the Branch Office VPN IKEv2 when...
Vulnerability in Cisco AsyncOS
Cisco has a vulnerability in Cisco AsyncOS. The vulnerability is in devices using Cisco AsyncOS software in conjunction with Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Exploitation requires the service to be accessible from the Internet and the Spam Quarantine feature to b...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple fixed vulnerabilities in iOS and iPadOS versions 18.7.3 and 26.2 The vulnerabilities include a use-after-free issue, a memory corruption, and a logging issue that allowed unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicious parties via specially...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3 and macOS Tahoe 26.2. The vulnerabilities covered a wide range of issues, including memory corruption, logging problems, and unauthorized access to sensitive user data. These vulnerabilities could be exploited by malicio...
Vulnerabilities fixed in React Server Components
Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...
Vulnerabilities fixed in SAP Software
SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...
Vulnerability fixed in GeoServer
OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitation of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...
Vulnerability fixed in Barracuda Service Center
Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...
Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Specific for versions prior to 2024 SU4 SR1. The vulnerabilities are located in several components of Ivanti Endpoint Manager. The first vulnerability involves a stored XSS vulnerability that allows unauthenticated attackers to execute...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in several versions of Acrobat Reader. The vulnerabilities include an untrusted search path that allows attackers to execute arbitrary code by manipulating the application's search paths. In addition, there are vulnerabilities related to the improper verification o...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious party can exploit the vulnerabilities to impersonate another user or grant themselves elevated privileges, potentially gaining access to sensitive data that the malicious party is not initially authorized to access...