Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/12/09 6:40 p.m.•8 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and potentially gain access to sensitive data. Successful exploitation requires the malicious...

9CVSS7.3AI score0.0103EPSS
Exploits0
NCSC
NCSC
•added 2025/12/09 6:39 p.m.•17 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...

8.8CVSS9.8AI score0.02383EPSS
Exploits2
NCSC
NCSC
•added 2025/12/09 1:15 p.m.•24 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to launch attacks that could result in the following...

10CVSS7.7AI score0.89063EPSS
Exploits158References14
NCSC
NCSC
•added 2025/12/08 8:23 a.m.•10 views

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities include several issues, including the ability for low-privileged users to create unauthorized dashboards, access sensitive information via mobile notifications, and the injection of ANSI escape...

8.7CVSS7.3AI score0.00488EPSS
Exploits1References8
NCSC
NCSC
•added 2025/12/05 12:13 p.m.•10 views

Vulnerabilities fixed in React Server Components

React has fixed vulnerabilities in certain versions of React Server Components specifically for versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0. An unauthenticated attacker can send a rogue HTTP request to any Server Function endpoint that, when processed by React, can lead to remote code execution on...

10CVSS8.6AI score0.99562EPSS
Exploits388References5
NCSC
NCSC
•added 2025/12/02 1:25 p.m.•16 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung mobile in Samsung mobile. The vulnerabilities are primarily related to improper input validation, which can result in system crashes and remote denial of service attacks via malicious base stations...

9.8CVSS7.8AI score0.00591EPSS
Exploits5References2
NCSC
NCSC
•added 2025/11/28 9:53 a.m.•39 views

Vulnerabilities fixed in Mattermost

Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...

9.9CVSS7AI score0.0031EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/27 1:35 p.m.•5 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in its Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated users to cause Denial of Service DoS conditions by submitting malicious JSON requests. In addition, unauthenticated users could join arbitra...

7.7CVSS7AI score0.00443EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/21 4:6 p.m.•7 views

Vulnerabilities fixed in SonicWall Email Security appliances

SonicWall has fixed vulnerabilities in SonicWall Email Security appliances. The vulnerabilities are in the way SonicWall Email Security appliances handle untrusted root filesystem images and directory traversal. An attacker can exploit these vulnerabilities to execute uncontrolled code or gain...

9.8CVSS7.7AI score0.00299EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/21 4:6 p.m.•7 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery SSRF. This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...

6.9CVSS6.8AI score0.00238EPSS
Exploits0References3
NCSC
NCSC
•added 2025/11/21 4:3 p.m.•14 views

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in Oracle Fusion Middleware components. The vulnerabilities allow unauthenticated attackers to access critical data over HTTP, which can lead to partial denial-of-service. The severity of these vulnerabilities is underscored by CVSS scores of 7.5, indicating...

9.8CVSS6.9AI score0.88312EPSS
Exploits10References1
NCSC
NCSC
•added 2025/11/20 11:48 a.m.•15 views

Vulnerabilities fixed in Arista EOS

Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities are related to the processing of malformed messages, which can lead to system crashes and denial-of-service conditions. High-privileged attackers can exploit these vulnerabilities, leading to severe operational...

7.1AI score0.00386EPSS
Exploits0References2
NCSC
NCSC
•added 2025/11/19 8:35 a.m.•10 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS multiple versions. The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote,...

7.5CVSS7.8AI score0.0056EPSS
Exploits0References3
NCSC
NCSC
•added 2025/11/19 8:34 a.m.•9 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...

7.2CVSS7.2AI score0.5511EPSS
Exploits9References2
NCSC
NCSC
•added 2025/11/18 9:1 a.m.•10 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome Specifically for versions prior to 142.0.7444.175. The vulnerabilities are in Google Chrome's V8 engine and allow remote attackers to exploit heap corruption via specially crafted HTML pages, which can lead to unauthorized actions, such as access to...

8.8CVSS6.9AI score0.04835EPSS
Exploits1References1
NCSC
NCSC
•added 2025/11/18 7:4 a.m.•9 views

Vulnerabilities fixed in Cisco Unified Contact Center Express

Cisco has fixed vulnerabilities in Cisco Unified Contact Center Express CCX. The vulnerabilities are in the Java RMI process and the Contact Center Express Editor of Cisco Unified CCX. Unauthenticated attackers can exploit these vulnerabilities to upload files, execute commands with root privileg...

9.8CVSS8.4AI score0.00931EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/18 7:3 a.m.•8 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...

10CVSS7.3AI score0.00655EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/18 7:2 a.m.•8 views

Vulnerabilities fixed in Zoom Workplace and Zoom Clients

Zoom has fixed vulnerabilities in Zoom Workplace and Zoom Clients Specifically for versions prior to 6.5.10. The vulnerabilities include improper validation of certificates, cross-site scripting, and improper handling of sensitive information, which can lead to unauthorized access and information...

9.8CVSS6.5AI score0.00411EPSS
Exploits0References9
NCSC
NCSC
•added 2025/11/18 7:1 a.m.•11 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions for 18.3.6, 18.4.4, and 18.5.2. The vulnerabilities include the ability for attackers to remove Duo authentication flows, access sensitive information via GraphQL subscriptions, and bypass access controls on GitLab Pages. These...

7.8CVSS7.8AI score0.0041EPSS
Exploits4References1
NCSC
NCSC
•added 2025/11/15 2:57 p.m.•14 views

Vulnerability fixed in Fortinet FortiWeb

Fortinet has fixed a vulnerability in FortiWeb. Fortinet has fixed a vulnerability in FortiWeb. The vulnerability marked CVE-2025-64446 involves a relative path traversal vulnerability and allows an unauthenticated remote attacker to execute administrative commands via specially crafted HTTP...

9.8CVSS7AI score0.8936EPSS
Exploits17References5
NCSC
NCSC
•added 2025/11/14 12:55 p.m.•35 views

Vulnerabilities fixed in Cisco Catalyst Center

Cisco has fixed vulnerabilities in Cisco Catalyst Center. This vulnerability with reference CVE-2025-20341, arises from insufficient validation of user input. A malicious party could exploit this, by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...

8.8CVSS6.9AI score0.00509EPSS
Exploits0References4
NCSC
NCSC
•added 2025/11/12 12:17 p.m.•6 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Adobe Photoshop Desktop versions 26.8.1 and earlier. The vulnerability is in the way Adobe Photoshop handles files. This vulnerability can lead to arbitrary code execution when a user opens a malicious file. Adobe has released updates to fix the vulnerability. S...

7.8CVSS7.6AI score0.00325EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/12 11:56 a.m.•10 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Specifically for versions 28.7.10, 28.8.2 and earlier, as well as Illustrator on iPad versions 3.0.9 and earlier. The vulnerabilities are in how Adobe Illustrator and Illustrator on iPad handle specially crafted files. These vulnerabilities can...

7.8CVSS7.9AI score0.00303EPSS
Exploits0References2
NCSC
NCSC
•added 2025/11/11 6:35 p.m.•30 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...

8.8CVSS6.2AI score0.01014EPSS
Exploits0
NCSC
NCSC
•added 2025/11/11 6:34 p.m.•9 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. An authenticated malicious party can exploit the vulnerability to use specially prepared SQL statements SQL Injection to grant themselves elevated privileges and thus gain access to sensitive information that the malicious party is not initially...

8.8CVSS5.8AI score0.01101EPSS
Exploits0
NCSC
NCSC
•added 2025/11/11 6:33 p.m.•5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics The vulnerabilities are in Dynamics 365 On Premise and Dynamics Field Service and allow a malicious person to access sensitive data, or impersonate another user. Microsoft has made updates available that fix the described vulnerabilities. We encourage y...

8.7CVSS5.5AI score0.00898EPSS
Exploits0
NCSC
NCSC
•added 2025/11/11 6:31 p.m.•10 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...

9.8CVSS6.6AI score0.05793EPSS
Exploits0
NCSC
NCSC
•added 2025/11/11 6:29 p.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Execution of arbitrary code root/admin privileges - Accessing sensitive data - Obtaining elevated...

9.8CVSS8.6AI score0.06073EPSS
Exploits9
NCSC
NCSC
•added 2025/11/11 6:14 p.m.•7 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Altair Grid Engine, COMOS, LOGO, SICAM, SIDOOR, SIMATIC, SIPLUS, Spectrum Power and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: -...

9.3CVSS8.6AI score0.0118EPSS
Exploits0References6
NCSC
NCSC
•added 2025/11/11 12:15 p.m.•11 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP Business Connector, SAP HANA, and SAP S/4HANA. The vulnerabilities include deserialization, code injection, insufficient validation, and information disclosure. These vulnerabilities can be exploited by attackers to...

10CVSS8.4AI score0.02882EPSS
Exploits1References1
NCSC
NCSC
•added 2025/11/07 10:7 a.m.•18 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...

7.8CVSS7.3AI score0.00398EPSS
Exploits2References6
NCSC
NCSC
•added 2025/11/06 12:36 p.m.•7 views

Vulnerability fixed in Cisco Identity Services Engine

Cisco has fixed a vulnerability in Cisco Identity Services Engine. The vulnerability is located in the RADIUS setting of Cisco Identity Services Engine, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to cause a logic error, potentially leading to a...

8.6CVSS6.9AI score0.00671EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/04 3:3 p.m.•18 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile The vulnerabilities include an out-of-bounds write and read, as well as a vulnerability in USB connection mode that allows local attackers to gain unauthorized access to user data. These vulnerabiliti...

8CVSS7.2AI score0.00911EPSS
Exploits8References2
NCSC
NCSC
•added 2025/11/04 12:53 p.m.•11 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS 26.1 and iPadOS 26.1. The vulnerabilities affected several privacy and security issues, including unauthorized access to user data, the risk of data exfiltration, and memory management vulnerabilities that could lead to unexpected system crashes. Attackers...

8.8CVSS6.5AI score0.01378EPSS
Exploits1References1
NCSC
NCSC
•added 2025/11/04 12:44 p.m.•19 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...

9.8CVSS6.6AI score0.03239EPSS
Exploits80References3
NCSC
NCSC
•added 2025/11/04 10:27 a.m.•8 views

Vulnerability fixed in CFMOTO Ride vehicle data management systems

CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...

8.5CVSS6.7AI score0.00155EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/03 8:27 a.m.•10 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...

9.4CVSS8.9AI score0.04188EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/03 8:26 a.m.•5 views

Vulnerabilities fixed in Arista Networks products

Arista Networks has fixed vulnerabilities in DANZ. The vulnerabilities include several ways for authenticated users with limited privileges to gain access to sensitive systems and data. These include escaping the CLI sandbox, exploiting SSH port forwarding, and making operating system operations...

7.8CVSS7AI score0.00221EPSS
Exploits0References1
NCSC
NCSC
•added 2025/11/03 8:17 a.m.•16 views

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to Version 7.5.0 Update Pack 13 Independent Fix 02. The vulnerabilities include a stored cross-site scripting XSS vulnerability that allows authenticated users to inject JavaScript into the Web interface. This can lead to compromise of use...

8.5CVSS6AI score0.00163EPSS
Exploits0References2
NCSC
NCSC
•added 2025/11/03 8:14 a.m.•7 views

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions 2025.0.0 to 2025.0.3, 2024.1.0 to 2024.1.7, and 2023.1.0 to 2023.1.16. The vulnerability involves uncontrolled resource consumption that can lead to resource depletion, which can affect the performance and availabilit...

8.2CVSS6.8AI score0.00466EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/31 9:35 a.m.•21 views

Vulnerabilities fixed in Rockwell Automation FactoryTalk

Rockwell Automation has fixed vulnerabilities in FactoryTalk View Machine Edition. The vulnerabilities include an authentication bypass that allows unauthorized access to the PanelView Plus 7 Series B file system and diagnostic information. In addition, there is a path-traversal vulnerability tha...

9.8CVSS7.5AI score0.00567EPSS
Exploits0References3
NCSC
NCSC
•added 2025/10/31 9:34 a.m.•8 views

Vulnerabilities fixed in Rockwell Automation COMMS

Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...

9.9CVSS6.2AI score0.0052EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/31 9:31 a.m.•5 views

Vulnerability fixed in Mozilla Firefox

Mozilla has fixed a vulnerability in Firefox Specific for versions before 144.0.2 The vulnerability is in how a compromised child process can exploit a use-after-free issue in the GPU or browser process via WebGPU-related IPC calls. This can lead to a sandbox escape, which compromises the browser...

9.8CVSS7.7AI score0.00308EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/27 9:38 a.m.•10 views

Vulnerabilities fixed in GitLab Enterprise and Community Edition

GitLab has fixed vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE versions. The vulnerabilities include the ability for unauthenticated attackers to cause denial-of-service conditions by sending specially crafted payloads and GraphQL requests. In addition, authenticated...

8.8CVSS7.1AI score0.00773EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/27 8:24 a.m.•8 views

Vulnerabilities fixed in BIND 9

ISC has fixed vulnerabilities in BIND 9 Specifically for versions 9.16.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. The vulnerabilities are located in BIND 9's DNS resolvers. The first vulnerability allows attackers to inject forged DNS records into the cache, which...

8.6CVSS7.1AI score0.1096EPSS
Exploits1References3
NCSC
NCSC
•added 2025/10/24 11:9 a.m.•23 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service - Circumvention of a security measure - Manipulation of data - Execution of arbitrary code user privilege...

9.9CVSS7.2AI score0.99962EPSS
Exploits32References1
NCSC
NCSC
•added 2025/10/23 2:13 p.m.•16 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft Specifically for versions 8.60, 8.61, 8.62 and 9.2. The vulnerabilities in Oracle PeopleSoft allow attackers to gain unauthorized access to sensitive data and can lead to data manipulation. This includes vulnerabilities that allow both low- an...

9.4CVSS7AI score0.02164EPSS
Exploits15References1
NCSC
NCSC
•added 2025/10/23 2:11 p.m.•13 views

Vulnerabilities fixed in Oracle MySQL

Oracle has fixed vulnerabilities in Oracle MySQL Specifically for versions 8.0.0-8.0.43, 8.4.0-8.4.6, and 9.0.0-9.4.0. The vulnerabilities in Oracle MySQL allow highly privileged attackers to perform denial-of-service attacks and manipulate data without authorization. This can lead to severe...

9.8CVSS6.6AI score0.73495EPSS
Exploits15References1
NCSC
NCSC
•added 2025/10/23 1:53 p.m.•6 views

Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...

10CVSS6.8AI score0.23932EPSS
Exploits3References1
NCSC
NCSC
•added 2025/10/23 1:51 p.m.•8 views

Vulnerabilities fixed in Oracle Java

Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM Specifically for versions 21.0.8 and 25 of Oracle Java SE, and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...

7.5CVSS6.8AI score0.01011EPSS
Exploits0References1
Total number of security vulnerabilities4197