Lucene search
K

4197 matches found

NCSC
NCSC
•added 2025/09/10 10:49 a.m.•6 views

Vulnerability fixed in Adobe Commerce and Magento

Adobe has fixed a vulnerability in Adobe Commerce and Magento. The vulnerability is in the way input is validated in Adobe Commerce and Magento. This vulnerability allows attackers to perform session takeover attacks without any user interaction, which can compromise the confidentiality and...

9.1CVSS6.9AI score0.96742EPSS
Exploits9References1
NCSC
NCSC
•added 2025/09/10 10:46 a.m.•9 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges, can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...

7.7CVSS6.2AI score0.05247EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/10 10:38 a.m.•10 views

Vulnerability fixed in Adobe Dreamweaver

Adobe has fixed a vulnerability in Dreamweaver Desktop Specifically for versions 21.5 and earlier. The vulnerability is in the way Dreamweaver handles CSRF attacks. A malicious party can exploit this vulnerability by allowing a user to interact with a malicious link, which can lead to the executi...

8.6CVSS6.7AI score0.00166EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/10 10:24 a.m.•7 views

Vulnerability fixed in Adobe ColdFusion

Adobe has fixed a vulnerability in the ColdFusion platform, including versions 2025.3, 2023.15, 2021.21 and earlier. The vulnerability is in the way the ColdFusion platform allows path traversal. The vulnerability can be exploited by attackers to execute arbitrary code on affected systems. This c...

10CVSS7.6AI score0.19934EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/09 6:27 p.m.•7 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, grant themselves elevated privileges and/or gain access to sensitive data. Microsoft has made updates available that fix the described vulnerabilities. We...

8.8CVSS7.4AI score0.32908EPSS
Exploits2
NCSC
NCSC
•added 2025/09/09 6:25 p.m.•7 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. The most serious vulnerability is in the High-Performance Compute Pack HPC and allows an unauthenticated malicious pers...

9.8CVSS7.9AI score0.01923EPSS
Exploits0
NCSC
NCSC
•added 2025/09/09 6:23 p.m.•12 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Execution of arbitrary code User privileges - Accessing sensitive data - Obtaining elevated privileges -...

8.8CVSS7.2AI score0.18084EPSS
Exploits0
NCSC
NCSC
•added 2025/09/09 6:22 p.m.•11 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...

9.8CVSS7.6AI score0.18834EPSS
Exploits5
NCSC
NCSC
•added 2025/09/09 3:16 p.m.•40 views

Vulnerabilities fixed in Schneider Electric Saitel

Schneider Electric has fixed vulnerabilities in Saitel components. The vulnerabilities are in how the BLMon Console handles special elements in operating system commands during SSH sessions. A malicious party could exploit these vulnerabilities to execute unauthorized shell commands, which could...

5.8CVSS7.5AI score0.00537EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/09 11:12 a.m.•27 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...

10CVSS8.7AI score0.02882EPSS
Exploits2References1
NCSC
NCSC
•added 2025/09/09 11:6 a.m.•9 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Apogee, Industial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulati...

9.8CVSS8.2AI score0.64718EPSS
Exploits1References7
NCSC
NCSC
•added 2025/09/05 11:12 a.m.•80 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including in SAP NetWeaver Application Server ABAP, SAP S/4HANA, SAP Landscape Transformation and AP Cloud Connector. The vulnerabilities include circumvention of authorization controls, Cross-Site Scripting XSS and a Directory Traversal...

9.9CVSS7AI score0.01553EPSS
Exploits0References1
NCSC
NCSC
•added 2025/09/04 8:15 a.m.•26 views

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities in the Android kernel include a race condition between functions that manage CPU timers, which can lead to system instability. In addition,...

9.8CVSS7.8AI score0.01345EPSS
Exploits14References2
NCSC
NCSC
•added 2025/08/29 8:37 a.m.•5 views

Vulnerability fixed in FreePBX

FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...

10CVSS7.9AI score0.93286EPSS
Exploits21References2
NCSC
NCSC
•added 2025/08/28 12:56 p.m.•7 views

Vulnerabilities fixed in Arcserve Unified Data Protection

Arcserve has fixed vulnerabilities in Arcserve Unified Data Protection UDP for all versions prior to 10.2. The vulnerabilities include an authentication bypass that allows unauthenticated malicious parties to access protected functions, a reflected cross-site scripting XSS vulnerability that allo...

9.8CVSS7.6AI score0.00523EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/28 8:36 a.m.•13 views

Vulnerabilities fixed in Cisco NX-OS Software

Cisco has fixed vulnerabilities in Cisco NX-OS Software Specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface CLI allows authenticated local malicious actors to perform command...

7.4CVSS7.1AI score0.03221EPSS
Exploits0References4
NCSC
NCSC
•added 2025/08/28 7:59 a.m.•9 views

Vulnerability fixed in CrushFTP

CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...

9.8CVSS7.2AI score0.92034EPSS
Exploits7References1
NCSC
NCSC
•added 2025/08/27 1:10 p.m.•5 views

Vulnerabilities fixed in IBM Cognos Command Center

IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...

9.3CVSS7.1AI score0.00336EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/26 5:34 p.m.•9 views

Vulnerabilities fixed in Citrix NetScaler ADC and Gateway

Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...

9.8CVSS9.3AI score0.18973EPSS
Exploits6References5
NCSC
NCSC
•added 2025/08/25 12:16 p.m.•4 views

Vulnerability fixed in Apple macOS, iOS and iPadOS

Apple has fixed a vulnerability in several Apple operating systems. The vulnerability is in how the systems handle processing malicious image files, which can lead to memory corruption. This problem has been addressed by improved memory limit controls. Apple says it has information that this...

8.8CVSS6.5AI score0.19972EPSS
Exploits9References5
NCSC
NCSC
•added 2025/08/25 11:26 a.m.•62 views

Vulnerabilities fixed in Foxit Reader

Foxit has fixed vulnerabilities in Foxit Reader Specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...

8.8CVSS7.8AI score0.00544EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/20 12:15 p.m.•9 views

Vulnerabilities fixed in Commvault

Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...

8.8CVSS8.5AI score0.20719EPSS
Exploits4References3
NCSC
NCSC
•added 2025/08/15 8:52 a.m.•11 views

Vulnerabilities fixed in Cisco Secure Firewall Software

Cisco has fixed multiple vulnerabilities in Cisco Secure Firewall Software including ASA and FTD. The vulnerabilities are in the way Cisco Secure Firewall handles key exchange IKEv2, with this it is possible for an unauthenticated attacker to perform a denial-of-service attack. The vulnerability...

10CVSS7.9AI score0.14468EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/14 12:38 p.m.•7 views

Vulnerabilities fixed in N-able N-Central

N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...

9.4CVSS8.1AI score0.03171EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/14 7:0 a.m.•5 views

Vulnerabilities fixed in Xerox FreeFlow Core

Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...

9.8CVSS7.9AI score0.14774EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:13 a.m.•33 views

Vulnerabilities fixed in Adobe InCopy

Adobe has fixed vulnerabilities in InCopy Versions 20.4, 19.5.4 and earlier. The vulnerabilities include an out-of-bounds write, heap-based buffer overflow and use after free, all of which can lead to arbitrarily code execution when a user opens a maliciously crafted file. These vulnerabilities...

7.8CVSS8.3AI score0.00309EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:12 a.m.•7 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.8, 2022.6 and earlier. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution within the context of the application. Exploitation of this vulnerability requires user interaction,...

7.8CVSS7.3AI score0.0023EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:11 a.m.•6 views

Vulnerabilities fixed in Adobe Commerce and Magento

Adobe has fixed vulnerabilities in Adobe Commerce and Magento Versions 2.4.9-alpha1 and earlier. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scrip...

8.7CVSS6.1AI score0.00911EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:5 a.m.•54 views

Vulnerabilities fixed in Adobe InDesign

Adobe has fixed vulnerabilities in InDesign Desktop versions 20.4, 19.5.4, and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...

7.8CVSS8.3AI score0.00318EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 10:0 a.m.•5 views

Vulnerability fixed in Adobe Photoshop

Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...

7.8CVSS7.7AI score0.00243EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 9:59 a.m.•8 views

Vulnerabilities fixed in Adobe Illustrator

Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.8, 29.6.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...

7.8CVSS7.6AI score0.00325EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 9:35 a.m.•11 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSIEM, FortiWeb and FortiADC. The most serious vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on FortiSIEM using custom CLI commands. Forti indicates that PoC code is available for this...

9.8CVSS8.1AI score0.5534EPSS
Exploits7References7
NCSC
NCSC
•added 2025/08/13 9:9 a.m.•6 views

Vulnerabilities fixed in Zoom

Zoom has fixed vulnerabilities in Zoom Clients for Windows. The first vulnerability concerns an untrusted search path issue, which could allow unauthenticated remote users to elevate their privileges via network access. The second vulnerability concerns a race condition in the installer, which ca...

9.6CVSS6.9AI score0.00539EPSS
Exploits0References2
NCSC
NCSC
•added 2025/08/13 9:6 a.m.•10 views

Vulnerabilities fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways

Ivanti has fixed vulnerabilities in Connect Secure, Policy Secure and ZTA Gateways. The vulnerabilities include a buffer over-read and a heap-based buffer overflow, both of which can be exploited by remote unauthenticated attackers to cause a denial-of-service DoS. There is also an issue with the...

8.7CVSS7.4AI score0.01084EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 7:29 a.m.•4 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities in Microsoft Exchange Server result from improper input validation and the improper handling of special elements, which allow unauthorized attackers to manipulate data and forge communications. This can lead to...

8CVSS6.4AI score0.07448EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 7:25 a.m.•7 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...

9.8CVSS7.9AI score0.38176EPSS
Exploits12References1
NCSC
NCSC
•added 2025/08/13 7:23 a.m.•26 views

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in Microsoft Office including SharePoint, Visio, Word, Excel and PowerPoint. The vulnerabilities in Microsoft Office include several "use after free" errors, heap-based buffer overflows and other vulnerabilities that allow unauthorized attackers to execute...

9.8CVSS7.8AI score0.1831EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/13 7:22 a.m.•7 views

Vulnerabilities fixed in Azure products

Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities are related to improper access control mechanisms, allowing authorized attackers to perform local spoofing attacks, obtain elevated privileges, reveal sensitive information and compromise the integrity of systems. This can...

10CVSS6.3AI score0.01311EPSS
Exploits1References1
NCSC
NCSC
•added 2025/08/13 7:21 a.m.•13 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in Web Deploy. The vulnerability in Web Deploy results from the deserialization of untrusted data. This issue can be exploited by an authorized attacker, enabling them to remotely execute code on the affected system. Web Deploy:...

8.8CVSS7.3AI score0.22399EPSS
Exploits5References1
NCSC
NCSC
•added 2025/08/13 7:19 a.m.•8 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allows authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...

8.8CVSS7.4AI score0.01625EPSS
Exploits2References1
NCSC
NCSC
•added 2025/08/12 1:3 p.m.•13 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIMAC, RUGGEDCOM, SIMOTION, SINAMICS, SIPROTEC and SINUMERIK. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS...

9.8CVSS8.6AI score0.01253EPSS
Exploits2References12
NCSC
NCSC
•added 2025/08/11 7:36 a.m.•9 views

Vulnerability fixed in WinRAR

Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...

8.8CVSS7.7AI score0.80906EPSS
Exploits35References1
NCSC
NCSC
•added 2025/08/07 9:15 a.m.•4 views

Vulnerability fixed in Microsoft Exchange

Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a Hot Fix to fix the vulnerability. See attach...

8CVSS6.8AI score0.07448EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/06 1:21 p.m.•6 views

Vulnerabilities fixed in Trend Micro Apex One

Trend Micro has fixed vulnerabilities in the Apex One management console. The vulnerability in the management console allows a remote attacker without authentication to arbitrarily upload code and execute commands on affected installations. Both CVEs are similar, it just affects different CPU...

9.8CVSS8AI score0.2079EPSS
Exploits0References1
NCSC
NCSC
•added 2025/08/06 7:55 a.m.•6 views

Vulnerabilities fixed in Rockwell Automation Arena

Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...

8.7CVSS7.5AI score0.00263EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/31 11:12 a.m.•8 views

Vulnerability fixed in SonicWall SonicOS

SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSL VPN interface handles externally controlled formatting strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...

9.8CVSS6.9AI score0.00875EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/30 1:2 p.m.•11 views

Vulnerabilities fixed in Apple macOS, iOS and iPadOS

Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...

9.8CVSS7AI score0.09185EPSS
Exploits3References7
NCSC
NCSC
•added 2025/07/30 8:4 a.m.•36 views

Vulnerabilities fixed in Autodesk AutoCAD

Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities are in the way certain Autodesk products handle specially crafted files. These vulnerabilities can lead to memory corruption, Out-of-Bounds write and read conditions, and Use-After-Free errors. This can result in consequences such...

7.8CVSS7.4AI score0.00163EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/28 7:52 a.m.•7 views

Vulnerabilities fixed in Salesforce Tableau Server

Salesforce has fixed vulnerabilities in Salesforce Tableau Server Specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...

8.5CVSS7.2AI score0.00416EPSS
Exploits0References1
NCSC
NCSC
•added 2025/07/23 3:31 p.m.•12 views

Zeroday vulnerabilities discovered in Microsoft SharePoint Server

Microsoft has released information about actively exploited zeroday vulnerabilities in on-premises versions of Microsoft SharePoint Server. SharePoint Online part of Microsoft 365 has not been affected. The zeroday vulnerabilities, marked CVE-2025-53770 and CVE-2025-53771, allow a malicious perso...

9.8CVSS7.6AI score0.99979EPSS
Exploits41References4
Total number of security vulnerabilities4197