Vulnerabilities fixed in Ivanti Endpoint Manager
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. The vulnerabilities include an insecure deserialization, a path traversal and multiple SQL injection vulnerabilities. The insecure deserialization can be exploited by local, authenticated attackers to gain elevated privileges, leading t...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities are in Veeam Backup & Replication's Mount service and Backup Server, both of which are vulnerable to remote code execution (RCE) by authenticated domain users. This can lead to unauthorized access and manipulation of...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in the JDBC driver for SQL Server. A malicious party could exploit the vulnerability to gain access to sensitive data, such as login credentials, through a Server-in-the-Middle attack. For successful exploitation, the malicious party must trick the victim into...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, bypass security measures and gain access to sensitive data. The most serious vulnerability has been assigned CVE-2025-55315 and is located i...
Vulnerabilities fixed in Microsoft Exchange
Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user and potentially grant themselves elevated privileges, in order to gain access to sensitive data or execute arbitrary code with elevated privileges. The...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Circumvention o...
Vulnerabilities fixed in Juniper Networks Junos Space
Juniper has fixed vulnerabilities in Junos Space, specifically in all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE versions 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2. The vulnerabilities included an issue where specially constructed GraphQL queries could make large repository blobs unresponsive, and a flaw that allowed authenticated users with read-on...
Vulnerabilities fixed in Juniper Networks Junos OS
Juniper has fixed vulnerabilities in Junos OS, specifically for EX4600 and QFX5000 Series switches and SRX4700 devices. The vulnerabilities in Junos OS include several serious issues, including the ability for unauthenticated attackers to cause a Denial of Service (DoS) by sending specially crafted...
Vulnerability fixed in Oracle E-Business Suite
Oracle has fixed a vulnerability in Oracle E-Business Suite, specifically in the Concurrent Processing component in versions 12.2.3 to 12.2.14. Unauthenticated attackers can exploit this...
Vulnerabilities fixed in Redis
Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...
Vulnerability fixed in IBM InfoSphere
IBM has fixed a vulnerability in InfoSphere, versions 11.7.0.0 to 11.7.1.6. The vulnerability is in how input is validated in affected versions of InfoSphere. Authenticated users can exploit this vulnerability to execute arbitrary commands with elevated privileges. This could lead to unauthorized...
Vulnerabilities fixed in VMware NSX
VMware has fixed vulnerabilities in VMware NSX. The vulnerabilities in VMware NSX include a weak password recovery mechanism that allows unauthenticated attackers to enumerate valid usernames, which can result in potential brute-force attacks on login credentials. Additionally, there is a username...
Vulnerabilities fixed in GitLab EE & CE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically in versions before 18.2.7, 18.3.3, and 18.4.1. The vulnerabilities include allowing authenticated users to access confidential information by creating projects with the same name as the victim, and gaining unauthorized access to...
Vulnerabilities fixed in Zenitel ICX500 and ICX510 gateway
Zenitel has fixed vulnerabilities in the ICX500 and ICX510 gateway products. The vulnerabilities allow malicious parties to gain unauthorized access to the Billing Admin endpoint and execute arbitrary commands on the device. This can lead to serious compromise of device availability,...
Vulnerabilities fixed in Cisco Secure Firewall ASA and FTD
Cisco has fixed vulnerabilities in Cisco Secure Firewall ASA and FTD Software. The vulnerability with reference CVE-2025-20333 is located in how the software validates user input in HTTPS requests. An attacker with valid VPN login credentials can exploit this vulnerability by sending specially...
Vulnerabilities fixed in Cisco IOS and Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS and Cisco IOS XE Software. The vulnerabilities include several issues, including a buffer overflow in the command-line interface (CLI) that can lead to unexpected device restarts and a vulnerability in the TACACS+ protocol implementation that allows...
Vulnerability fixed in Fortra's GoAnywhere MFT
Fortra has fixed a vulnerability in GoAnywhere MFT, specifically in the License Servlet. The vulnerability is in the deserialization of a controlled object within the License Servlet. An attacker could use a forged license response signature to perform command injection, which could lead to unauthorized...
Vulnerabilities fixed in HPE Aruba Networking EdgeConnect SD-WAN Gateways
HPE has fixed vulnerabilities in HPE Aruba Networking EdgeConnect SD-WAN Gateways. The vulnerabilities are in the command-line interface and Web API of the HPE Aruba Networking EdgeConnect SD-WAN Gateways. These vulnerabilities allow authenticated attackers to execute arbitrary system commands wi...
Vulnerabilities fixed in Spring Framework
VMware has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unbounded generics. This can lead to authorization bypassing when using...
Vulnerabilities fixed in Ivanti products
Ivanti has fixed vulnerabilities in several products such as Connect Secure and Policy Secure. The vulnerabilities are in several Ivanti products and allow remote authenticated attackers with read-only admin rights to change authentication settings, configure restricted settings, hijack existing...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include several problems such as unauthorized access to sensitive user data, memory management issues, and vulnerabilities that could lead to denial-of-service or unexpected application crashes. These vulnerabilities could be...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. The vulnerabilities include several issues related to accessing sensitive user data, permissions, and security vulnerabilities that could lead to unauthorized access or bypassing sandbox restrictions. These vulnerabilities could be exploited by malicious...
Vulnerabilities fixed in Omnissa Workspace ONE UEM
Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE in versions 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, the command-line interface (CLI), and the REST API of the Nexus Dashboard. These vulnerabilities can ...
Vulnerabilities fixed in Cisco IOS XR Software
Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in how Cisco IOS XR Software handles management interface ACL processing, the installation process and ARP implementation. A malicious party can exploit these vulnerabilities to bypass configured access control list...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Adobe Acrobat Reader, specifically in versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier. The vulnerability is a use-after-free that can lead to arbitrary code execution when a user opens a specially crafted malicious file. In...
Vulnerability fixed in Adobe Commerce and Magento
Adobe has fixed a vulnerability in Adobe Commerce and Magento. The vulnerability is in the way input is validated in Adobe Commerce and Magento. This vulnerability allows attackers to perform session takeover attacks without any user interaction, which can compromise the confidentiality and...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver Desktop, specifically in versions 21.5 and earlier. The vulnerability is in the way Dreamweaver handles CSRF attacks. A malicious party can exploit this vulnerability by tricking a user into interacting with a malicious link, which can lead to the executi...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in the ColdFusion platform, including versions 2025.3, 2023.15, 2021.21 and earlier. The vulnerability is a path traversal in the ColdFusion platform. The vulnerability can be exploited by attackers to execute arbitrary code on affected systems. This c...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service (DoS), grant themselves elevated privileges and/or gain access to sensitive data. Microsoft has made updates available that fix the described vulnerabilities. We...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. The most serious vulnerability is in the High-Performance Compute Pack (HPC) and allows an unauthenticated malicious pers...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Execution of arbitrary code (User privileges) - Accessing sensitive data - Obtaining elevated privileges -...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of a security measure - Execution of arbitrary code (root/admin privileges) - Execution...
Vulnerabilities fixed in Schneider Electric Saitel
Schneider Electric has fixed vulnerabilities in Saitel components. The vulnerabilities are in how the BLMon Console handles special elements in operating system commands during SSH sessions. A malicious party could exploit these vulnerabilities to execute unauthorized shell commands, which could...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Apogee, Industrial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulati...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP NetWeaver Application Server ABAP, SAP S/4HANA, SAP Landscape Transformation and SAP Cloud Connector. The vulnerabilities include circumvention of authorization controls, Cross-Site Scripting (XSS) and a Directory Traversal...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities in Samsung Mobile. The vulnerabilities in the Android kernel include a race condition between functions that manage CPU timers, which can lead to system instability. In addition,...
Vulnerability fixed in FreePBX
FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...
Vulnerabilities fixed in Arcserve Unified Data Protection
Arcserve has fixed vulnerabilities in Arcserve Unified Data Protection (UDP) for all versions prior to 10.2. The vulnerabilities include an authentication bypass that allows unauthenticated malicious parties to access protected functions, a reflected cross-site scripting (XSS) vulnerability that allo...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software, specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface (CLI) allows authenticated local malicious actors to perform command...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...
Vulnerabilities fixed in IBM Cognos Command Center
IBM has fixed vulnerabilities in IBM Cognos Command Center, versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...