Vulnerabilities fixed in Citrix NetScaler ADC and Gateway
Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway. The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...
Vulnerability fixed in Apple macOS, iOS and iPadOS
Apple has fixed a vulnerability in several Apple operating systems. The vulnerability is in how the systems handle processing malicious image files, which can lead to memory corruption. This problem has been addressed by improved memory limit controls. Apple says it has information that this...
Vulnerabilities fixed in Foxit Reader
Foxit has fixed vulnerabilities in Foxit Reader, specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...
Vulnerabilities fixed in Commvault
Commvault has fixed vulnerabilities in Commvault components such as CommCell and CommServe in versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...
Vulnerabilities fixed in Cisco Secure Firewall Software
Cisco has fixed multiple vulnerabilities in Cisco Secure Firewall Software, including ASA and FTD. The vulnerabilities are in the way Cisco Secure Firewall handles IKEv2 key exchange, which makes it possible for an unauthenticated attacker to perform a denial-of-service attack. The vulnerability...
Vulnerabilities fixed in N-able N-Central
N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...
Vulnerabilities fixed in Xerox FreeFlow Core
Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution (RCE). There is also a vulnerability due to improper processing of XML input,...
Vulnerabilities fixed in Adobe InCopy
Adobe has fixed vulnerabilities in InCopy versions 20.4, 19.5.4 and earlier. The vulnerabilities include an out-of-bounds write, heap-based buffer overflow and use after free, all of which can lead to arbitrary code execution when a user opens a maliciously crafted file. These vulnerabilities...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker versions 2020.8, 2022.6 and earlier. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution within the context of the application. Exploitation of this vulnerability requires user interaction,...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento versions 2.4.9-alpha1 and earlier. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting (XSS) vulnerability by injecting malicious scrip...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign Desktop versions 20.4, 19.5.4, and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator versions 28.7.8, 29.6.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles maliciously crafted files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSIEM, FortiWeb and FortiADC. The most serious vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on FortiSIEM using custom CLI commands. Fortinet indicates that PoC code is available for this...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in Zoom Clients for Windows. The first vulnerability concerns an untrusted search path issue, which could allow unauthenticated remote users to elevate their privileges via network access. The second vulnerability concerns a race condition in the installer, which ca...
Vulnerabilities fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways
Ivanti has fixed vulnerabilities in Connect Secure, Policy Secure and ZTA Gateways. The vulnerabilities include a buffer over-read and a heap-based buffer overflow, both of which can be exploited by remote unauthenticated attackers to cause a denial-of-service (DoS). There is also an issue with the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities in Microsoft Exchange Server result from improper input validation and the improper handling of special elements, which allow unauthorized attackers to manipulate data and forge communications. This can lead to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service (RRAS). The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office, including SharePoint, Visio, Word, Excel and PowerPoint. The vulnerabilities in Microsoft Office include several "use after free" errors, heap-based buffer overflows and other vulnerabilities that allow unauthorized attackers to execute...
Vulnerabilities fixed in Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities are related to improper access control mechanisms, allowing authorized attackers to perform local spoofing attacks, obtain elevated privileges, reveal sensitive information and compromise the integrity of systems. This can...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Web Deploy. The vulnerability in Web Deploy results from the deserialization of untrusted data. This issue can be exploited by an authorized attacker, enabling them to remotely execute code on the affected system. Web Deploy:...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allow authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIMAC, RUGGEDCOM, SIMOTION, SINAMICS, SIPROTEC and SINUMERIK. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS)...
Vulnerability fixed in WinRAR
Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a hotfix to fix the vulnerability. See attach...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in the Apex One management console. The vulnerability in the management console allows a remote attacker without authentication to arbitrarily upload code and execute commands on affected installations. Both CVEs are similar; they just affect different CPU...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, which makes it possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how the SonicOS SSL VPN interface handles externally controlled format strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities are in the way certain Autodesk products handle specially crafted files. These vulnerabilities can lead to memory corruption, Out-of-Bounds write and read conditions, and Use-After-Free errors. This can result in consequences such...
Vulnerabilities fixed in Salesforce Tableau Server
Salesforce has fixed vulnerabilities in Salesforce Tableau Server, specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...
Zero-day vulnerabilities discovered in Microsoft SharePoint Server
Microsoft has released information about actively exploited zero-day vulnerabilities in on-premises versions of Microsoft SharePoint Server. SharePoint Online (part of Microsoft 365) has not been affected. The zero-day vulnerabilities, marked CVE-2025-53770 and CVE-2025-53771, allow a malicious perso...
Vulnerabilities fixed in Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird, specifically for versions under 141. The vulnerabilities cover a wide range of issues, including execution of unauthorized code. These vulnerabilities can be exploited by malicious parties to gain access to sensitive information or...
Vulnerabilities fixed in Cisco ISE and ISE-PIC
Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerability fixed in Keycloak
Red Hat has fixed a vulnerability in Keycloak. The vulnerability is in the way Keycloak handles privileged users. A privileged user can gain full administrative control over a realm, which can lead to unauthorized changes to user roles and configurations. This is especially risky in environments...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerability with reference CVE-2025-5777 involves an Out-of-Bounds Read. This vulnerability arises from insufficient input validation in systems configured as Gateway services. These include VPN virtual servers, ICA...
Vulnerabilities fixed in XWiki
XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...
Vulnerability fixed in Wing FTP Server
The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...
Vulnerability fixed in FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in Adobe InDesign Desktop versions 19.5.3 and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...
Vulnerabilities fixed in Zoom Clients
Zoom has fixed vulnerabilities in Zoom Clients, specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...
Vulnerability fixed in Juniper SRX300 Series
Juniper has fixed a vulnerability in the Routing Protocol Daemon (rpd) of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon (rpd) on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...
Vulnerability fixed in Juniper Networks Security Director
Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator versions 28.7.6, 29.5.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles maliciously crafted files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker versions 2020.8, 2022.6 and earlier. The vulnerabilities in Adobe Framemaker are related to several types of vulnerabilities, including Heap-based Buffer Overflow, Integer Underflow, and NULL Pointer Dereference. These vulnerabilities can lead t...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion, specifically for versions 25.2, 23.14, 21.20 and earlier. The vulnerabilities in ColdFusion include a significant vulnerability related to improper restriction of XML External Entity Reference (XXE), hard-coded credentials, improper authorization, XML...
Vulnerabilities fixed in Schneider Electric EcoStruxure IT Datacenter Expert
Schneider Electric has fixed vulnerabilities in EcoStruxure IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...
Vulnerabilities fixed in Palo Alto Networks PAN-OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP S/4HANA, SAP SCM, and SAP NetWeaver. The vulnerabilities include remote code execution, code injection, and insecure deserialization, which can be exploited by attackers with user privileges to create or execute malicious code. This...