4197 matches found
Vulnerability fixed in Adobe Commerce and Magento
Adobe has fixed a vulnerability in Adobe Commerce and Magento. The vulnerability is in the way input is validated in Adobe Commerce and Magento. This vulnerability allows attackers to perform session takeover attacks without any user interaction, which can compromise the confidentiality and...
Vulnerabilities fixed in Adobe Experience Manager
Adobe has fixed vulnerabilities in Adobe Experience Manager versions 6.5.23.0 and earlier. The vulnerabilities are in the way Adobe Experience Manager handles security measures. Attackers with limited privileges, can exploit these vulnerabilities to perform unauthorized reads and writes, which ca...
Vulnerability fixed in Adobe Dreamweaver
Adobe has fixed a vulnerability in Dreamweaver Desktop Specifically for versions 21.5 and earlier. The vulnerability is in the way Dreamweaver handles CSRF attacks. A malicious party can exploit this vulnerability by allowing a user to interact with a malicious link, which can lead to the executi...
Vulnerability fixed in Adobe ColdFusion
Adobe has fixed a vulnerability in the ColdFusion platform, including versions 2025.3, 2023.15, 2021.21 and earlier. The vulnerability is in the way the ColdFusion platform allows path traversal. The vulnerability can be exploited by attackers to execute arbitrary code on affected systems. This c...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service DoS, grant themselves elevated privileges and/or gain access to sensitive data. Microsoft has made updates available that fix the described vulnerabilities. We...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure components. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. The most serious vulnerability is in the High-Performance Compute Pack HPC and allows an unauthenticated malicious pers...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Execution of arbitrary code User privileges - Accessing sensitive data - Obtaining elevated privileges -...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Circumvention of a security measure - Execution of arbitrary code root/admin privileges - Execution...
Vulnerabilities fixed in Schneider Electric Saitel
Schneider Electric has fixed vulnerabilities in Saitel components. The vulnerabilities are in how the BLMon Console handles special elements in operating system commands during SSH sessions. A malicious party could exploit these vulnerabilities to execute unauthorized shell commands, which could...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as Apogee, Industial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulati...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including in SAP NetWeaver Application Server ABAP, SAP S/4HANA, SAP Landscape Transformation and AP Cloud Connector. The vulnerabilities include circumvention of authorization controls, Cross-Site Scripting XSS and a Directory Traversal...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities in the Android kernel include a race condition between functions that manage CPU timers, which can lead to system instability. In addition,...
Vulnerability fixed in FreePBX
FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...
Vulnerabilities fixed in Arcserve Unified Data Protection
Arcserve has fixed vulnerabilities in Arcserve Unified Data Protection UDP for all versions prior to 10.2. The vulnerabilities include an authentication bypass that allows unauthenticated malicious parties to access protected functions, a reflected cross-site scripting XSS vulnerability that allo...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software Specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface CLI allows authenticated local malicious actors to perform command...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...
Vulnerabilities fixed in IBM Cognos Command Center
IBM has fixed vulnerabilities in IBM Cognos Command Center Versions 10.2.4.1 and 10.2.5. The vulnerabilities in IBM Cognos Command Center allow malicious actors to hijack victims' click actions by tricking them into navigating to a malicious Web site. This can lead to further attacks that...
Vulnerabilities fixed in Citrix NetScaler ADC and Gateway
Citrix has fixed vulnerabilities in the NetScaler ADC and Gateway The vulnerabilities are related to memory overflow and improper access control configurations. Malicious parties can exploit the vulnerabilities to cause a Denial-of-Service and potentially execute arbitrary code on the vulnerable...
Vulnerability fixed in Apple macOS, iOS and iPadOS
Apple has fixed a vulnerability in several Apple operating systems. The vulnerability is in how the systems handle processing malicious image files, which can lead to memory corruption. This problem has been addressed by improved memory limit controls. Apple says it has information that this...
Vulnerabilities fixed in Foxit Reader
Foxit has fixed vulnerabilities in Foxit Reader Specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...
Vulnerabilities fixed in Commvault
Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...
Vulnerabilities fixed in Cisco Secure Firewall Software
Cisco has fixed multiple vulnerabilities in Cisco Secure Firewall Software including ASA and FTD. The vulnerabilities are in the way Cisco Secure Firewall handles key exchange IKEv2, with this it is possible for an unauthenticated attacker to perform a denial-of-service attack. The vulnerability...
Vulnerabilities fixed in N-able N-Central
N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...
Vulnerabilities fixed in Xerox FreeFlow Core
Xerox has fixed vulnerabilities in Xerox FreeFlow Core. The vulnerabilities include a Path Traversal vulnerability that can be exploited by attackers to gain access to unauthorized files, leading to Remote Code Execution RCE. There is also a vulnerability due to improper processing of XML input,...
Vulnerabilities fixed in Adobe InCopy
Adobe has fixed vulnerabilities in InCopy Versions 20.4, 19.5.4 and earlier. The vulnerabilities include an out-of-bounds write, heap-based buffer overflow and use after free, all of which can lead to arbitrarily code execution when a user opens a maliciously crafted file. These vulnerabilities...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.8, 2022.6 and earlier. The vulnerabilities include a Use After Free vulnerability that can lead to arbitrary code execution within the context of the application. Exploitation of this vulnerability requires user interaction,...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento Versions 2.4.9-alpha1 and earlier. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scrip...
Vulnerabilities fixed in Adobe InDesign
Adobe has fixed vulnerabilities in InDesign Desktop versions 20.4, 19.5.4, and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...
Vulnerability fixed in Adobe Photoshop
Adobe has fixed a vulnerability in Photoshop Desktop Versions 12.3, 8 and earlier. The vulnerability is in how Photoshop Desktop handles opening maliciously crafted files. This vulnerability allows attackers to execute arbitrary code within the application. Adobe has released updates to fix the...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.8, 29.6.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSIEM, FortiWeb and FortiADC. The most serious vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on FortiSIEM using custom CLI commands. Forti indicates that PoC code is available for this...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in Zoom Clients for Windows. The first vulnerability concerns an untrusted search path issue, which could allow unauthenticated remote users to elevate their privileges via network access. The second vulnerability concerns a race condition in the installer, which ca...
Vulnerabilities fixed in Ivanti Connect Secure, Policy Secure and ZTA Gateways
Ivanti has fixed vulnerabilities in Connect Secure, Policy Secure and ZTA Gateways. The vulnerabilities include a buffer over-read and a heap-based buffer overflow, both of which can be exploited by remote unauthenticated attackers to cause a denial-of-service DoS. There is also an issue with the...
Vulnerabilities fixed in Microsoft Exchange Server
Microsoft has fixed vulnerabilities in Microsoft Exchange Server. The vulnerabilities in Microsoft Exchange Server result from improper input validation and the improper handling of special elements, which allow unauthorized attackers to manipulate data and forge communications. This can lead to...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Microsoft Office including SharePoint, Visio, Word, Excel and PowerPoint. The vulnerabilities in Microsoft Office include several "use after free" errors, heap-based buffer overflows and other vulnerabilities that allow unauthorized attackers to execute...
Vulnerabilities fixed in Azure products
Microsoft has fixed vulnerabilities in Azure products. The vulnerabilities are related to improper access control mechanisms, allowing authorized attackers to perform local spoofing attacks, obtain elevated privileges, reveal sensitive information and compromise the integrity of systems. This can...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in Web Deploy. The vulnerability in Web Deploy results from the deserialization of untrusted data. This issue can be exploited by an authorized attacker, enabling them to remotely execute code on the affected system. Web Deploy:...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are related to improper access management and SQL injection, which allows authorized attackers to escalate privileges within a network. This can lead to unauthorized access and manipulation of sensitive data. The vulnerabiliti...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as SIMATIC, SINEC, SIMAC, RUGGEDCOM, SIMOTION, SINAMICS, SIPROTEC and SINUMERIK. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: Denial-of-Service DoS...
Vulnerability fixed in WinRAR
Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Microsoft Exchange Server hybrid deployments. The vulnerability allows a user with administrative privileges on an on-premises Microsoft Exchange server to elevate privileges to the cloud. Microsoft has released a Hot Fix to fix the vulnerability. See attach...
Vulnerabilities fixed in Trend Micro Apex One
Trend Micro has fixed vulnerabilities in the Apex One management console. The vulnerability in the management console allows a remote attacker without authentication to arbitrarily upload code and execute commands on affected installations. Both CVEs are similar, it just affects different CPU...
Vulnerabilities fixed in Rockwell Automation Arena
Rockwell Automation has fixed vulnerabilities in Arena Simulation. The vulnerabilities are in the way Arena Simulation processes files, with this it is possible to manipulate and read memory. The vulnerabilities allow malicious actors to reveal sensitive information and execute arbitrary code whe...
Vulnerability fixed in SonicWall SonicOS
SonicWall has fixed a vulnerability in SonicOS. The vulnerability is in how SonicOS' SSL VPN interface handles externally controlled formatting strings. This can be exploited by external, unauthenticated attackers, leading to service disruptions. Attackers can exploit this vulnerability to affect...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...
Vulnerabilities fixed in Autodesk AutoCAD
Autodesk has fixed vulnerabilities in AutoCAD. The vulnerabilities are in the way certain Autodesk products handle specially crafted files. These vulnerabilities can lead to memory corruption, Out-of-Bounds write and read conditions, and Use-After-Free errors. This can result in consequences such...
Vulnerabilities fixed in Salesforce Tableau Server
Salesforce has fixed vulnerabilities in Salesforce Tableau Server Specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...
Zeroday vulnerabilities discovered in Microsoft SharePoint Server
Microsoft has released information about actively exploited zeroday vulnerabilities in on-premises versions of Microsoft SharePoint Server. SharePoint Online part of Microsoft 365 has not been affected. The zeroday vulnerabilities, marked CVE-2025-53770 and CVE-2025-53771, allow a malicious perso...