4197 matches found
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive data. Successful exploitation requires the malicious...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities include several issues, including the ability for low-privileged users to create unauthorized dashboards, access sensitive information via mobile notifications, and the injection of ANSI escape...
Vulnerabilities fixed in React Server Components
React has fixed vulnerabilities in certain versions of React Server Components specifically for versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0. An unauthenticated attacker can send a rogue HTTP request to any Server Function endpoint that, when processed by React, can lead to remote code execution on...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung mobile in Samsung mobile. The vulnerabilities are primarily related to improper input validation, which can result in system crashes and remote denial of service attacks via malicious base stations...
Vulnerabilities fixed in Mattermost
Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...
Vulnerabilities fixed in SonicWall Email Security appliances
SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities are in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute uncontrolled code or gain...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery SSRF. This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...
Vulnerabilities fixed in Arista EOS
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities are related to the processing of malformed messages, which can lead to system crashes and denial-of-service conditions. High-privileged attackers can exploit these vulnerabilities, leading to severe operational...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS multiple versions. The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote,...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome Specifically for versions prior to 142.0.7444.175. The vulnerabilities are in Google Chrome's V8 engine and allow remote attackers to exploit heap corruption via specially crafted HTML pages, which can lead to unauthorized actions, such as access to...
Vulnerabilities fixed in Cisco Unified Contact Center Express
Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express CCX. The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileg...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...
Vulnerabilities fixed in Zoom Workplace and Zoom Clients
Zoom has fixed vulnerabilities in Zoom Workplace and Zoom Clients Specifically for versions prior to 6.5.10. The vulnerabilities include improper validation of certificates, cross-site scripting, and improper handling of sensitive information, which can lead to unauthorized access and information...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions for 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. Fortinet has fixed a vulnerability in FortiWeb. The vulnerability marked CVE-2025-64446 involves a relative path traversal vulnerability and allows an unauthenticated remote attacker to execute administrative commands via specially crafted HTTP...
Vulnerabilities fixed in Cisco Catalyst Center
Cisco has fixed vulnerabilities in Cisco Catalyst Center. This vulnerability with reference CVE-2025-20341, arises from insufficient validation of user input. A malicious party could exploit this, by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 28.7.10, 28.8.2 and earlier, as well as Illustrator on iPad versions 3.0.9 and earlier. The vulnerabilities are in how Adobe Illustrator and Illustrator on iPad handle specially crafted files. These vulnerabilities can...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP Business Connector, SAP HANA, and SAP S/4HANA. The vulnerabilities include deserialization, code injection, insufficient validation, and information disclosure. These vulnerabilities can be exploited by attackers to...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile The vulnerabilities include an out-of-bounds write and read, as well as a vulnerability in USB connection mode that allows local attackers to gain unauthorized access to user data. These vulnerabiliti...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS 26.1 and iPadOS 26.1. The vulnerabilities affected several privacy and security issues, including unauthorized access to user data, the risk of data exfiltration, and memory management vulnerabilities that could lead to unexpected system crashes. Attackers...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...
Vulnerability fixed in CFMOTO Ride vehicle data management systems
CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI Versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...
Vulnerabilities fixed in Arista Networks products
Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to Version 7.5.0 Update Pack 13 Independent Fix 02. The vulnerabilities include a stored cross-site scripting XSS vulnerability that allows authenticated users to inject JavaScript into the Web interface. This can lead to compromise of use...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions 2025.0.0 to 2025.0.3, 2024.1.0 to 2024.1.7, and 2023.1.0 to 2023.1.16. The vulnerability involves uncontrolled resource consumption that can lead to resource depletion, which can affect the performance and availabilit...
Vulnerabilities fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine Edition. The vulnerabilities include an authentication bypass that allows unauthorized access to the PanelView Plus 7 Series B file system and diagnostic information. In addition, there is a path-traversal vulnerability tha...
Vulnerabilities fixed in Rockwell Automation COMMS
Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...
Vulnerability fixed in Mozilla Firefox
Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...
Vulnerabilities fixed in GitLab Enterprise and Community Edition
GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated attackers to cause denial-of-service conditions by sending specially crafted payloads and GraphQL requests. In addition, authenticated...
Vulnerabilities fixed in BIND 9
ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of a security measure - Manipulation of data - Execution of arbitrary code user privilege...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft Specifically for versions 8.60, 8.61, 8.62 and 9.2. The vulnerabilities in Oracle PeopleSoft allow attackers to gain unauthorized access to sensitive data and can lead to data manipulation. This includes vulnerabilities that allow both low- an...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in Oracle MySQL Specifically for versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0. The vulnerabilities in Oracle MySQL allow highly privileged attackers to perform denial-of-service attacks and manipulate data without authorization. This can lead to severe...
Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM Specifically for versions 21.0.8 and 25 of Oracle Java SE, and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...