Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability, tracked as CVE-2025-64446, is a relative path traversal and allows an unauthenticated remote attacker to execute administrative commands via specially crafted HTTP...
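The following is an added example, not Fortinet's code and not a description of the FortiWeb flaw itself. It shows the general shape of a relative path traversal bug and the containment check that closes it: a request path is joined onto a document root, and the only reliable test is whether the canonicalised result still lies under that root. The document root `/var/www/static` and the request strings are assumptions for the example.

```python
import os
import urllib.parse
from typing import Dict, List, Optional

# Assumed document root for this example (hypothetical path, not from any advisory).
BASE_DIR = "/var/www/static"


def naive_resolve(base: str, requested: str) -> str:
    """Vulnerable: joins the request path onto the base directory without
    checking where the result ends up. '../' segments walk out of base."""
    return os.path.normpath(os.path.join(base, requested))


def safe_resolve(base: str, requested: str) -> Optional[str]:
    """Hardened: canonicalise both sides, then require the candidate to stay
    under the base directory. Returns None when the request must be refused."""
    # Decode percent-encoding exactly once so %2e%2e%2f cannot slip past the check.
    decoded = urllib.parse.unquote(requested)
    # Null bytes and absolute paths are never legitimate for a relative resource name.
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    base_real = os.path.realpath(base)
    # realpath collapses '.' and '..' and follows symlinks where they exist.
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # Containment test on the canonical path, not on the raw request string.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def classify(requests: List[str]) -> Dict[str, str]:
    """Map each request path to 'allowed' or 'refused' under safe_resolve."""
    return {
        r: ("refused" if safe_resolve(BASE_DIR, r) is None else "allowed")
        for r in requests
    }


if __name__ == "__main__":
    for req in ["index.html", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r}: naive={naive_resolve(BASE_DIR, req)} safe={safe_resolve(BASE_DIR, req)}")
```

Note that the hardened version decodes exactly once before checking; decoding in a loop, or checking the raw string for `..` and then decoding afterwards, reintroduces the bypass.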
Vulnerabilities fixed in Cisco Catalyst Center
Cisco has fixed vulnerabilities in Cisco Catalyst Center. One of them, CVE-2025-20341, arises from insufficient validation of user input. A malicious party could exploit it by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator, specifically versions 28.7.10 and 28.8.2 and earlier, as well as Illustrator on iPad versions 3.0.9 and earlier. The vulnerabilities are in how Adobe Illustrator and Illustrator on iPad handle specially crafted files. These vulnerabilities can...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability by using specially prepared SQL statements (SQL injection) to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code with root/admin privileges - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP Business Connector, SAP HANA, and SAP S/4HANA. The vulnerabilities include deserialization, code injection, insufficient validation, and information disclosure. These vulnerabilities can be exploited by attackers to...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile. The vulnerabilities include an out-of-bounds write and read, as well as a vulnerability in USB connection mode that allows local attackers to gain unauthorized access to user data. These vulnerabiliti...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS 26.1 and iPadOS 26.1. The fixes address several privacy and security issues, including unauthorized access to user data, the risk of data exfiltration, and memory management vulnerabilities that could lead to unexpected system crashes. Attackers...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...
Vulnerability fixed in CFMOTO Ride vehicle data management systems
CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference (IDOR). This allows attackers to gain unauthorized access to sensitive information from other users...
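The following is an added example of the IDOR pattern named above; it is not CFMOTO's code and says nothing about how their backend is built. A lookup keyed on a client-supplied vehicleId discloses any record whose ID the caller can guess; the fix is an object-level authorisation check after the record is resolved. The in-memory records, user IDs, VINs and the `fleet_admin` role are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Vehicle:
    vehicle_id: int
    owner_id: int
    vin: str
    last_position: str


@dataclass(frozen=True)
class Session:
    user_id: int
    role: str  # "owner" or "fleet_admin" (roles assumed for this example)


class NotFound(Exception):
    """Raised for both missing and foreign objects, so the response does not
    confirm to the caller that an ID belongs to someone else."""


# Constructed sample data: hypothetical IDs and VINs, not real records.
VEHICLES: Dict[int, Vehicle] = {
    1001: Vehicle(1001, owner_id=7, vin="LCE0000000000001", last_position="51.50,-0.12"),
    1002: Vehicle(1002, owner_id=8, vin="LCE0000000000002", last_position="48.85,2.35"),
    1003: Vehicle(1003, owner_id=7, vin="LCE0000000000003", last_position="52.52,13.40"),
}


def get_vehicle_vulnerable(session: Session, vehicle_id: int) -> Vehicle:
    """IDOR: the record is selected by vehicleId alone; the caller's identity
    is never compared with the record's owner."""
    vehicle = VEHICLES.get(vehicle_id)
    if vehicle is None:
        raise NotFound
    return vehicle


def get_vehicle_hardened(session: Session, vehicle_id: int) -> Vehicle:
    """Object-level authorisation: resolve the object, then require that this
    session may see this particular object before returning it."""
    vehicle = VEHICLES.get(vehicle_id)
    authorised = vehicle is not None and (
        vehicle.owner_id == session.user_id or session.role == "fleet_admin"
    )
    if not authorised:
        raise NotFound
    return vehicle


def enumerate_ids(fetch: Callable[[Session, int], Vehicle],
                  session: Session, ids: List[int]) -> List[int]:
    """Simulate an attacker sweeping sequential vehicleId values through an
    endpoint; returns the IDs whose data was disclosed to this session."""
    disclosed = []
    for vid in ids:
        try:
            fetch(session, vid)
            disclosed.append(vid)
        except NotFound:
            pass
    return disclosed


if __name__ == "__main__":
    attacker = Session(user_id=8, role="owner")  # legitimately owns 1002 only
    sweep = list(range(1000, 1005))
    print("vulnerable endpoint discloses:", enumerate_ids(get_vehicle_vulnerable, attacker, sweep))
    print("hardened endpoint discloses:  ", enumerate_ids(get_vehicle_hardened, attacker, sweep))
```

Returning the same error for "does not exist" and "not yours" is deliberate: a distinct 403 would still let an attacker enumerate which IDs are live.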
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...
Vulnerabilities fixed in Arista Networks products
Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM, specifically version 7.5.0 Update Pack 13 Interim Fix 02. The vulnerabilities include a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject JavaScript into the Web interface. This can lead to compromise of use...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer, specifically versions 2025.0.0 to 2025.0.3, 2024.1.0 to 2024.1.7, and 2023.1.0 to 2023.1.16. The vulnerability involves uncontrolled resource consumption that can lead to resource depletion, which can affect the performance and availabilit...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine Edition. The vulnerabilities include an authentication bypass that allows unauthorized access to the PanelView Plus 7 Series B file system and diagnostic information. In addition, there is a path-traversal vulnerability tha...
Vulnerabilities fixed in Rockwell Automation COMMS
Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox, specifically versions before 144.0.2. The vulnerability is a use-after-free in the GPU or browser process that a compromised child process can trigger via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...
Vulnerabilities fixed in GitLab Enterprise and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities include the ability for unauthenticated attackers to cause denial-of-service conditions by sending specially crafted payloads and GraphQL requests. In addition, authenticated...
Vulnerabilities fixed in BIND 9
ISC has fixed vulnerabilities in BIND 9, specifically versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...
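As an added example of the general defence a caching resolver applies against forged records, and not ISC's code nor a description of the specific BIND 9 flaw: a cache should only keep records from a response whose owner names fall within the bailiwick of the zone the answering server is authoritative for. The zone, the sample response and the record layout below are constructed for the example. The comparison is done label by label, because a plain string-suffix test accepts `notexample.com` for the zone `example.com`.

```python
from typing import Dict, List, Tuple

# A resource record as (owner name, type, rdata); constructed sample data.
Record = Tuple[str, str, str]


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring the trailing dot."""
    return [label.lower() for label in name.rstrip(".").split(".") if label]


def in_bailiwick(zone: str, name: str) -> bool:
    """True when `name` is `zone` itself or lies beneath it, compared on
    whole labels rather than on characters."""
    z, n = _labels(zone), _labels(name)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def filter_response(zone: str, records: List[Record]) -> Dict[str, List[Record]]:
    """Split a response from a server authoritative for `zone` into records a
    cache may keep and records it must discard as out of bailiwick."""
    kept: List[Record] = []
    dropped: List[Record] = []
    for rec in records:
        (kept if in_bailiwick(zone, rec[0]) else dropped).append(rec)
    return {"kept": kept, "dropped": dropped}


# Constructed response from a server authoritative for example.com. The last
# two records try to plant data for names this server has no authority over.
SAMPLE_RESPONSE: List[Record] = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("login.bank.test.", "A", "198.51.100.66"),
    ("example.com.evil.test.", "A", "198.51.100.67"),
]


if __name__ == "__main__":
    result = filter_response("example.com.", SAMPLE_RESPONSE)
    for verdict, recs in result.items():
        for rec in recs:
            print(f"{verdict:8} {rec[0]:26} {rec[1]:3} {rec[2]}")
```

The `example.com.evil.test.` record is the case a suffix check gets wrong in the other direction: the zone name appears inside it, but the name is not beneath the zone, so it is dropped.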
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of a security measure - Manipulation of data - Execution of arbitrary code with user privilege...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft, specifically versions 8.60, 8.61, 8.62 and 9.2. The vulnerabilities in Oracle PeopleSoft allow attackers to gain unauthorized access to sensitive data and can lead to data manipulation. This includes vulnerabilities that allow both low- an...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in Oracle MySQL, specifically versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0. The vulnerabilities in Oracle MySQL allow highly privileged attackers to perform denial-of-service attacks and manipulate data without authorization. This can lead to severe...
Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools, specifically versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM, specifically versions 21.0.8 and 25 of Oracle Java SE and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed several vulnerabilities in Oracle Hyperion, including Hyperion Financial Management and Hyperion Data Relationship Management. The vulnerabilities in Oracle Hyperion allow unauthenticated attackers to gain access to the system, which can lead to unauthorized data access and...
Vulnerabilities fixed in Oracle Analytics
Oracle has fixed several vulnerabilities in Oracle Analytics products. The vulnerabilities can compromise confidentiality, integrity and availability, with a maximum impact rating of "HIGH". Attackers can exploit these vulnerabilities to gain unauthorized access or conduct denial-of-service (DoS)...
Vulnerabilities fixed in Oracle Financial Services
Oracle has fixed vulnerabilities in Oracle Financial Services components. The vulnerabilities allow unauthenticated attackers to gain unauthorized access to sensitive data over HTTP. This can lead to unauthorized access and modification of critical data, with a CVSS score of 9.8 highlighting the...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager. The vulnerabilities allow unauthorized attackers to gain access to sensitive data and can lead to denial-of-service (DoS) attacks. Specifically, the vulnerability in Oracle Enterprise Manager's Security Framework can be exploited by unauthenticated...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in Oracle E-Business Suite, specifically versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of Oracle E-Business Suite, including iStore, Product Hub, Workflow, Applications Manager, and Marketing. These vulnerabilities allow...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed several vulnerabilities in its Communications products, including Unified Assurance and Cloud Native Core. The vulnerabilities in Oracle Communications products allow malicious actors to gain unauthorized access, which can lead to partial or full Denial-of-Service DoS attacks...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in Oracle Database Server products. Vulnerabilities in Oracle Database Server allow unauthenticated attackers to gain unauthorized access to critical data, which can lead to breaches of data confidentiality, integrity and availability. Specific vulnerabilities, such as...
Vulnerabilities fixed in Zohocorp's ManageEngine
Zohocorp has fixed vulnerabilities in ManageEngine, specifically ADManager Plus, Endpoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in Endpoint Central, and an authenticated SQL injection in Analytics Plus. Thes...
Vulnerabilities fixed in Moxa's network security devices
Moxa has fixed vulnerabilities in their network security devices. The vulnerabilities in Moxa's network security devices include improper authorization that allows unauthorized access to protected API endpoints, as well as an issue with access control mechanisms that can lead to privilege...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird, specifically versions before 144. The vulnerabilities include a use-after-free issue, memory safety flaws, and the ability for a malicious person to access sensitive data or execute arbitrary code. These...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerabilities are in the configuration of Adobe Experience Manager, which allows attackers to execute arbitrary code without any user interaction. This can lead to unauthorized access and control of...
Vulnerability fixed in FortiOS
Fortinet has fixed a vulnerability in multiple versions of FortiOS. The vulnerability is in the way FortiOS handles memory allocation. Authenticated users can exploit this vulnerability by sending specially crafted requests, which can lead to the execution of unauthorized code. This can have serious...
Vulnerability fixed in WatchGuard Fireware OS
WatchGuard has fixed a vulnerability in Fireware OS that is specific to certain VPN configurations. The vulnerability is an out-of-bounds write in Fireware OS. It allows an unauthenticated attacker to execute arbitrary code. This could lead to serious consequences for affected...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Adobe Commerce, specifically versions 2.4.9-alpha2 and earlier. The vulnerabilities include improper authorization that allows low-privileged attackers to bypass security measures, which can lead to unauthorized access to sensitive data without user...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator versions 29.7 and 28.7.9 and earlier. The vulnerabilities are in how Adobe Illustrator handles malicious files. A malicious party can exploit these vulnerabilities by tricking a user into opening a malicious file, which can lead to the execution o...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker versions 2020.9 and 2022.7 and earlier. The first vulnerability involves a Use After Free, which can lead to arbitrary code execution when a user opens a specially...