Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/10/23 1:49 p.m.•11 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed several vulnerabilities in Oracle Hyperion, including Hyperion Financial Management and Hyperion Data Relationship Management. The vulnerabilities in Oracle Hyperion allow unauthenticated attackers to gain access to the system, which can lead to unauthorized data access and...

9.8CVSS7.3AI score0.64718EPSS
Exploits3References1
NCSC
NCSC
•added 2025/10/23 1:45 p.m.•10 views

Vulnerabilities fixed in Oracle Analytics

Oracle has fixed several vulnerabilities in Oracle Analytics products. The vulnerabilities can compromise confidentiality, integrity and availability, with a maximum impact score of "HIGH. Attackers can exploit these vulnerabilities to gain unauthorized access or conduct denial-of-service DoS...

8.7CVSS7.1AI score0.64718EPSS
Exploits2References1
NCSC
NCSC
•added 2025/10/23 1:35 p.m.•9 views

Vulnerabilities fixed in Oracle Financial Services

Oracle has fixed vulnerabilities in Oracle Financial Services components. The vulnerabilities allow unauthenticated attackers to gain unauthorized access to sensitive data over HTTP. This can lead to unauthorized access and modification of critical data, with a CVSS score of 9.8 highlighting the...

9.8CVSS7.2AI score0.73495EPSS
Exploits9References1
NCSC
NCSC
•added 2025/10/23 1:26 p.m.•13 views

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle fixed vulnerabilities in Enterprise Manager The vulnerabilities allow unauthorized attackers to gain access to sensitive data and can lead to denial-of-service DoS attacks. Specifically, the vulnerability in Oracle Enterprise Manager's Security Framework can be exploited by unauthenticated...

8.7CVSS6.7AI score0.64718EPSS
Exploits7References1
NCSC
NCSC
•added 2025/10/23 1:23 p.m.•13 views

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in Oracle E-Business Suite Specifically for versions 12.2.3 to 12.2.14. The vulnerabilities are in several components of Oracle E-Business Suite, including iStore, Product Hub, Workflow, Applications Manager, and Marketing. These vulnerabilities allow...

9.8CVSS7AI score0.00652EPSS
Exploits4References1
NCSC
NCSC
•added 2025/10/23 1:20 p.m.•15 views

Vulnerabilities fixed in Oracle Communications products

Oracle has fixed several vulnerabilities in its Communications products, including Unified Assurance and Cloud Native Core. The vulnerabilities in Oracle Communications products allow malicious actors to gain unauthorized access, which can lead to partial or full Denial-of-Service DoS attacks...

9.8CVSS6.4AI score0.8496EPSS
Exploits40References1
NCSC
NCSC
•added 2025/10/23 7:20 a.m.•8 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...

8.7CVSS7.5AI score0.64718EPSS
Exploits3References1
NCSC
NCSC
•added 2025/10/23 7:19 a.m.•11 views

Vulnerabilities fixed in Oracle Database products

Oracle fixed vulnerabilities in Oracle Database Server products Vulnerabilities in Oracle Database Server allow unauthenticated attackers to gain unauthorized access to critical data, which can lead to breaches of data confidentiality, integrity and availability. Specific vulnerabilities, such as...

9.8CVSS7.6AI score0.64718EPSS
Exploits14References1
NCSC
NCSC
•added 2025/10/23 7:18 a.m.•10 views

Vulnerabilities fixed in Zohocorp's ManageEngine

Zohocorp has fixed vulnerabilities in ManageEngine Specifically for ADManager Plus, EndPoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in EndPoint Central, and an authenticated SQL injection in Analytics Plus. Thes...

8.8CVSS8.2AI score0.25403EPSS
Exploits0References3
NCSC
NCSC
•added 2025/10/20 1:3 p.m.•7 views

Vulnerabilities fixed in Moxa's network security devices

Moxa has fixed vulnerabilities in their network security devices. The vulnerabilities in Moxa's network security devices include improper authorization that allows unauthorized access to protected API endpoints, as well as an issue with access control mechanisms that can lead to privilege...

9.9CVSS7.3AI score0.00649EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/20 12:59 p.m.•6 views

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 144. The vulnerabilities include several problems, including a use-after-free issue, memory security flaws and the ability for a malicious person to access sensitive data or execute arbitrary code. These...

9.8CVSS7.5AI score0.00475EPSS
Exploits0References5
NCSC
NCSC
•added 2025/10/17 10:44 a.m.•11 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23 and earlier. The vulnerabilities are in the configuration of Adobe Experience Manager, which allows attackers to execute arbitrary code without any user interaction. This can lead to unauthorized access and control of...

10CVSS8AI score0.87515EPSS
Exploits7References1
NCSC
NCSC
•added 2025/10/17 8:42 a.m.•10 views

Vulnerability fixed in FortiOS

Fortinet has fixed a vulnerability in FortiOS multiple versions. The vulnerability is in the way FortiOS handles memory allocation. Authenticated users can exploit this vulnerability by sending specially crafted requests, which can lead to the execution of unauthorized code. This can have serious...

8.8CVSS6.9AI score0.0063EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/17 8:19 a.m.•11 views

Vulnerability fixed in WatchGuard Fireware OS

WatchGuard has fixed a vulnerability in Fireware OS Specific to certain VPN configurations. The vulnerability is in the way Fireware OS handles Out-of-bounds Write. This allows a malicious, unauthenticated attacker to execute arbitrary code. This could lead to serious consequences for affected...

9.8CVSS7.4AI score0.8637EPSS
Exploits2References1
NCSC
NCSC
•added 2025/10/17 8:4 a.m.•8 views

Vulnerabilities fixed in SAP Products

SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...

10CVSS7.8AI score0.02882EPSS
Exploits1
NCSC
NCSC
•added 2025/10/16 6:32 a.m.•10 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Specifically for versions 2.4.9-alpha2 and earlier. The vulnerabilities include improper authorization that allows low-privileged attackers to bypass security measures, which can lead to unauthorized access to sensitive data without user...

8.1CVSS5.8AI score0.00564EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/16 6:27 a.m.•9 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 29.7, 28.7.9 and earlier. The vulnerabilities are in how Adobe Illustrator handles malicious files. A malicious party can exploit these vulnerabilities by tricking a user into opening a malicious file, which can lead to the execution o...

7.8CVSS7.1AI score0.00198EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/16 6:25 a.m.•6 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.9, 2022.7 and earlier. The vulnerabilities are in versions 2020.9, 2022.7 and earlier of Adobe Framemaker. The first vulnerability involves a Use After Free, which can lead to arbitrary code execution when a user opens a specially...

7.8CVSS7.6AI score0.00212EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/15 6:22 a.m.•6 views

Vulnerabilities fixed in Ivanti Endpoint Manager

Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager. The vulnerabilities include an insecure deserialization, a path traversal and multiple SQL injection vulnerabilities. The insecure deserialization can be exploited by local, authenticated attackers to gain elevated privileges, leading t...

8.8CVSS8.7AI score0.14805EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/15 6:13 a.m.•13 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities are in Veeam Backup & Replication's Mount service and Backup Server, both of which are vulnerable to remote code execution RCE by authenticated domain users. This can lead to unauthorized access and manipulation of...

9.9CVSS8.1AI score0.00976EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/14 6:52 p.m.•6 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in the JDBC driver for SQL Server. A malicious party could exploit the vulnerability to gain access to sensitive data, such as login credentials, through a Server-in-the-Middle attack. For successful exploitation, the malicious party must trick the victim into...

8.1CVSS7.2AI score0.00685EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 6:38 p.m.•9 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, execute arbitrary code with the victim's privileges, or gain access to sensitive data in the victim's context. Successful exploitation requires the...

8.8CVSS7.3AI score0.02296EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 6:27 p.m.•5 views

Vulnerabilities fixed in Microsoft System Center

Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...

8.4CVSS7.3AI score0.00637EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 6:21 p.m.•10 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, bypass security measures and gain access to sensitive data. The most serious vulnerability has been assigned CVE-2025-55315 and is located i...

9.9CVSS6.5AI score0.65838EPSS
Exploits5
NCSC
NCSC
•added 2025/10/14 6:16 p.m.•6 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange Server. A malicious person could exploit the vulnerabilities to impersonate another user and grant themselves elevated privileges. For successful abuse, the malicious party must have prior authentication. Microsoft has made updates available that fi...

8.8CVSS6.8AI score0.00943EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 6:13 p.m.•12 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user and potentially grant themselves elevated privileges, in order to gain access to sensitive data or execute arbitrary code with elevated privileges. The...

9.8CVSS7.3AI score0.071EPSS
Exploits0
NCSC
NCSC
•added 2025/10/14 11:22 a.m.•6 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIPLUS and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention o...

9.8CVSS7.6AI score0.06564EPSS
Exploits6References6
NCSC
NCSC
•added 2025/10/13 8:31 a.m.•8 views

Vulnerabilities fixed in Juniper Networks Junos Space

Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...

9.4CVSS7.1AI score0.00572EPSS
Exploits0References1
NCSC
NCSC
•added 2025/10/13 7:52 a.m.•8 views

Vulnerability fixed in Oracle E-Business Suite

Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...

7.5CVSS7.1AI score0.97788EPSS
Exploits6References1
NCSC
NCSC
•added 2025/10/13 7:25 a.m.•8 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE versions 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2. The vulnerabilities included an issue where specially constructed GraphQL queries could make large repository blobs unresponsive, and a flaw that allowed authenticated users with read-on...

7.7CVSS6.5AI score0.00496EPSS
Exploits1References1
NCSC
NCSC
•added 2025/10/13 7:17 a.m.•84 views

Vulnerabilities fixed in Juniper Networks Junos OS

Juniper has fixed vulnerabilities in Junos OS Specifically for EX4600, QFX5000 Series switches and SRX4700 devices. The vulnerabilities in Junos OS include several serious issues, including the ability for unauthenticated attackers to cause Denial of Service DoS by sending specially crafted...

9.2CVSS7.4AI score0.01015EPSS
Exploits1References16
NCSC
NCSC
•added 2025/10/08 1:3 p.m.•15 views

Vulnerability fixed in Oracle E-Business Suite

Oracle has fixed a vulnerability in Oracle E-Business Suite Specifically for the Concurrent Processing component in versions 12.2.3 to 12.2.14. The vulnerability is located in the Concurrent Processing component of the Oracle E-Business Suite. Unauthenticated attackers can exploit this...

9.8CVSS6.9AI score0.99722EPSS
Exploits15References2
NCSC
NCSC
•added 2025/10/08 11:43 a.m.•6 views

Vulnerabilities fixed in Redis

Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...

9.9CVSS7.5AI score0.86767EPSS
Exploits15References2
NCSC
NCSC
•added 2025/09/30 8:31 a.m.•13 views

Vulnerability fixed in IBM InfoSphere

IBM has fixed a vulnerability in InfoSphere Versions 11.7.0.0 to 11.7.1.6 The vulnerability is in how input is validated in affected versions of InfoSphere. Authenticated users can exploit this vulnerability to execute arbitrary commands with elevated privileges. This could lead to unauthorized...

8.8CVSS7.3AI score0.00417EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/30 8:29 a.m.•7 views

Vulnerabilities fixed in VMware NSX

VMware fixed vulnerabilities in VMware NSX The vulnerabilities in VMware NSX include a weak password recovery mechanism that allows unauthenticated attackers to enumerate valid usernames, which can result in potential brute-force attacks on login credentials. Additionally, there is a username...

8.5CVSS7AI score0.01022EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/29 9:40 a.m.•59 views

Vulnerabilities fixed in GitLab EE & CE

GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions before 18.2.7, 18.3.3, and 18.4.1. The vulnerabilities include allowing authenticated users to access confidential information by creating projects with the same name as the victim, and gaining unauthorized access to...

9.6CVSS7.1AI score0.00573EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/26 7:0 a.m.•14 views

Vulnerabilities fixed in Zenitel ICX500 and ICX510 gateway

Zenitel has fixed vulnerabilities in the ICX500 and ICX510 gateway products. The vulnerabilities allow malicious parties to gain unauthorized access to the Billing Admin endpoint and execute arbitrary commands on the device. This can lead to serious compromise of device availability,...

8.8CVSS7.5AI score0.00258EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/25 6:17 p.m.•15 views

Vulnerabilities fixed in Cisco Secure Firewall ASA and FTD

Cisco has fixed vulnerabilities in Cisco Secure Firewall ASA and FTD Software. The vulnerability with reference CVE-2025-20333, is located in how the software validates user input in HTTPS requests. An attacker with valid VPN login credentials can exploit this vulnerability by sending specially...

9.9CVSS7.8AI score0.85543EPSS
Exploits1References5
NCSC
NCSC
•added 2025/09/25 10:42 a.m.•86 views

Vulnerabilities fixed in Cisco IOS and Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS and Cisco IOS XE Software. The vulnerabilities include several issues, including a buffer overflow in the command-line interface CLI that can lead to unexpected device restarts and a vulnerability in the TACACS+ protocol implementation that allows...

8.8CVSS6.9AI score0.37613EPSS
Exploits1References13
NCSC
NCSC
•added 2025/09/19 12:0 a.m.•9 views

Vulnerability fixed in Fortra's GoAnywhere MFT

Fortra has fixed a vulnerability in GoAnywhere MFT License Servlet Specifically. The vulnerability is in the deserialization of a controlled object within the License Servlet. An attacker could use a forged license response signature to perform command injection, which could lead to unauthorized...

10CVSS7.1AI score0.99614EPSS
Exploits3
NCSC
NCSC
•added 2025/09/18 12:2 p.m.•11 views

Vulnerabilities fixed in HPE Aruba Networking EdgeConnect SD-WAN Gateways

HPE has fixed vulnerabilities in HPE Aruba Networking EdgeConnect SD-WAN Gateways. The vulnerabilities are in the command-line interface and Web API of the HPE Aruba Networking EdgeConnect SD-WAN Gateways. These vulnerabilities allow authenticated attackers to execute arbitrary system commands wi...

8.8CVSS7.5AI score0.00599EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/16 1:38 p.m.•7 views

Vulnerabilities fixed in Spring Framework

VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...

7.5CVSS6.9AI score0.0046EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/16 12:21 p.m.•10 views

Vulnerabilities fixed in Ivanti products

Ivanti has fixed vulnerabilities in several products such as Connect Secure and Policy Secure. The vulnerabilities are in several Ivanti products and allow remote authenticated attackers with read-only admin rights to change authentication settings, configure restricted settings, hijack existing...

8.9CVSS6.9AI score0.00855EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/16 11:17 a.m.•6 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include several problems such as unauthorized access to sensitive user data, memory management issues, and vulnerabilities that could lead to denial-of-service or unexpected application crashes. These vulnerabilities could be...

9.8CVSS7.5AI score0.73495EPSS
Exploits3References2
NCSC
NCSC
•added 2025/09/16 11:16 a.m.•92 views

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS. The vulnerabilities include several issues related to accessing sensitive user data, permissions, and security vulnerabilities that could lead to unauthorized access or bypassing sandbox restrictions. These vulnerabilities could be exploited by malicious...

9.8CVSS8AI score0.73495EPSS
Exploits3References3
NCSC
NCSC
•added 2025/09/12 3:23 p.m.•7 views

Vulnerabilities fixed in Omnissa Workspace ONE UEM

Omnissa has fixed vulnerabilities in Omnissa Workspace ONE UEM. The vulnerabilities are located in the API endpoints of Omnissa Workspace ONE UEM. The first vulnerability allows malicious parties to gain unauthorized access to sensitive information using the Path Traversal technique. This can lea...

7.5CVSS6.6AI score0.20348EPSS
Exploits1References1
NCSC
NCSC
•added 2025/09/12 2:49 p.m.•10 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

8.8CVSS6.6AI score0.00645EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/11 8:18 a.m.•7 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software, including IS-IS, PIM6, logging, command-line interface CLI, and the REST API of the Nexus Dashboard. These vulnerabilities can ...

7.4CVSS7.2AI score0.03221EPSS
Exploits0References6
NCSC
NCSC
•added 2025/09/11 8:14 a.m.•6 views

Vulnerabilities fixed in Cisco IOS XR Software

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in how Cisco IOS XR Software handles management interface ACL processing, the installation process and ARP implementation. A malicious party can exploit these vulnerabilities to bypass configured access control list...

7.4CVSS7.7AI score0.00589EPSS
Exploits0References3
NCSC
NCSC
•added 2025/09/10 11:1 a.m.•9 views

Vulnerabilities fixed in Adobe Acrobat Reader

Adobe has fixed vulnerabilities in Adobe Acrobat Reader Specifically for versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier. The vulnerability involves a Use After Free vulnerability that can lead to arbitrary code execution when a user opens a specially crafted malicious file. In...

7.8CVSS7.1AI score0.00331EPSS
Exploits0References1
Total number of security vulnerabilities4197