Vulnerabilities fixed in Microsoft Edge (Chromium based)
Microsoft has fixed vulnerabilities in Edge (Chromium-based). A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the victim's browser. This update also fixes the vulnerability with attribute...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to Git. Visual Studi...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code or gain access to sensitive data. Regarding the vulnerability with reference CVE-2025-49719, Microsoft says it has information that it has the attention of researchers on clos...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Circumvention of a security measure - Execution of arbitrary code - Accessin...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SIMATIC, SINEC, SIPROTEC, Solid Edge and TIA. The vulnerabilities potentially enable a malicious party to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data -...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability consists of hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome (specifically for versions prior to 138.0.7204.96). The vulnerability is located in Google Chrome's V8 engine and is classified as a high-severity type confusion vulnerability. This allows attackers to perform arbitrary read/write operations through...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Adobe Commerce (versions 2.4.8 and earlier). The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop (specifically for versions ID20.2, ID19.5.3, and earlier). The vulnerabilities include a heap-based buffer overflow, use after free, NULL pointer dereference, and out-of-bounds read, all of which can lead to arbitrary code execution or disclosure ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader (specifically for versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier). The vulnerabilities include a use after free, out-of-bounds write, out-of-bounds read and NULL pointer dereference. These vulnerabilities can lead to the execution of...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in IBM WebSphere Application Server (versions 8.5 and 9.0). The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...
Vulnerability fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed a vulnerability in NetScaler ADC and NetScaler Gateway. To be vulnerable, NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Note that this is often the default configuration. The vulnerability is in the way memory is managed in...
Vulnerabilities fixed in IBM InfoSphere Information Server
IBM has fixed vulnerabilities in IBM InfoSphere Information Server (versions 11.7.0.0 to 11.7.1.6). The first vulnerability is a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...
Vulnerability fixed in IBM Spectrum Protect Server
IBM has fixed a vulnerability in IBM Spectrum Protect Server (versions 8.1 to 8.1.26). The vulnerability is located in IBM Spectrum Protect Server's authentication mechanisms. This flaw allows attackers to bypass authentication, allowing unauthorized users to access sensitive data. This could...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM (specific to version 7.5.0 Update Package 12). The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...
Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z
Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...
Vulnerabilities fixed in Veeam Backup
Veeam has fixed vulnerabilities in Veeam Backup & Replication 12.3.2.3617 and Veeam Agent for Microsoft Windows 6.3.2.1205. The vulnerabilities can be exploited, after access has been obtained, to compromise backup servers. The highest rated vulnerability, CVE-2025-23121, allows an attacker with domain user privileg...
Vulnerability fixed in GeoServer
GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4.2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...
Vulnerabilities fixed in Apache Tomcat
Apache has fixed vulnerabilities in Apache Tomcat (specifically for versions 11.0.0-M1 to 11.0.7, 10.1.0-M1 to 10.1.41, and 9.0.0-M1 to 9.0.105). The vulnerabilities include denial-of-service due to insufficient limits on multipart headers, lack of resource allocation without limits, untrusted sear...
Vulnerabilities fixed in Trend Micro Apex One and Apex Central
Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Ivanti Workspace Control
Ivanti has fixed vulnerabilities in Ivanti Workspace Control (specifically for versions prior to 10.19.10.0). The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. The vulnerabilities include improper certificate validation that allows attackers to connect to FortiClient via revoked certificates, leading to unauthorized access. In addition, there are vulnerabilities in session escalation and privilege managemen...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting (XSS) vulnerability by injecting malicious scripts into form fields,...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code in the victim's context, potentially gaining access to sensitive data in the victim's context. Successful exploitation...
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out-of-bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Bypassing a security measure - Execution of arbitrary code (user privileges) - Execution of arbitrary...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix. The vulnerabilities potentially enable a malicious party to carry out attacks that could lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data -...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in various SAP products such as HANA, Business Objects and NetWeaver. The vulnerabilities include a lack of authorization controls, allowing attackers to execute functions without restrictions. This can lead to unauthorized actions within the application, which can...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile. The vulnerabilities are in how the GPU kernel drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail (specifically versions before 1.5.10 and 1.6.x before 1.6.11). An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...
Vulnerabilities fixed in HPE StoreOnce Software
HPE has fixed vulnerabilities in HPE StoreOnce Software. The vulnerabilities include command injection and remote code execution, which can lead to unauthorized access and control of affected systems. In addition, there are vulnerabilities for authentication bypass, directory traversal and...
Vulnerability fixed in Cisco Identity Services Engine for cloud platforms
Cisco has fixed a vulnerability in Identity Services Engine (ISE) for cloud platforms. The vulnerability involves a flaw in automatic password generation when Cisco ISE is installed on a cloud platform. This causes the same passwords to be used in different ISE cloud environments. This allows an...
Vulnerability fixed in IBM Tivoli Monitoring
IBM has fixed a vulnerability in IBM Tivoli Monitoring version 6.3.0.7 through Service Pack 19. The vulnerability is in the improper validation of an index within a dynamically allocated array. This issue could allow a malicious party to execute arbitrary code on affected systems. IBM has releas...
Vulnerability fixed in Siemens SiPass Integrated
Siemens has fixed a vulnerability in SiPass Integrated. The vulnerability is in the server applications of the SiPass Integrated system, specifically in the way it handles out-of-bounds reads. This can lead to a denial-of-service (DoS), compromising the availability of services that depend on the...
Vulnerabilities fixed in Infoblox NETMRI
Infoblox has fixed vulnerabilities in NETMRI (specifically for versions prior to 7.6.1). The vulnerabilities include a critical vulnerability that allows remote authenticated users to access arbitrary files with root privileges, an unauthenticated remote command injection vulnerability that allows...
Vulnerabilities fixed in ABB ASPECT product line
ABB has fixed vulnerabilities in the ASPECT product line, including ASPECT-Enterprise, NEXUS Series and MATRIX Series up to version 3.08.03. The vulnerabilities include Remote Code Execution, SQL injection, servlet injection, and various forms of file access and manipulation. These vulnerabilitie...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in both the Community and Enterprise Editions of GitLab. The vulnerabilities include falsely displaying full e-mail addresses to unauthorized users, insufficient input validation that can lead to Denial-of-Service, and the ability for attackers to expose masked CI...
Vulnerabilities fixed in Trend Micro Apex Central
Trend Micro has fixed vulnerabilities in Apex Central. A malicious party could exploit the vulnerabilities to execute a Server-Side Request Forgery (SSRF), or through unlimited file uploads, potentially execute arbitrary code on the vulnerable system, or gain access to sensitive data. Trend Micro h...
Vulnerabilities fixed in Cisco Unified Intelligence Center
Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...
Vulnerability fixed in Cisco Identity Services Engine
Cisco has fixed a vulnerability in Cisco Identity Services Engine (ISE). The vulnerability is in the way Cisco ISE handles RADIUS messages. Unauthenticated remote attackers can exploit this vulnerability, which can lead to a denial-of-service (DoS) situation on affected devices, compromising their...
Vulnerabilities fixed in Cisco Webex
Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting (XSS) attacks by convincing users to click on malicious links. Such an attack can lead to...
Vulnerabilities fixed in VMware products
Broadcom has fixed vulnerabilities in VMware ESXi including Workstation and Fusion and vCenter Server. The vulnerabilities include a command-execution vulnerability in vCenter Server that allows authenticated attackers to execute arbitrary code on the server. There is also a denial-of-service...
Vulnerabilities fixed in VMware Cloud Foundation
Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Google Chrome. The vulnerabilities are in the way Chrome handles certain components, including Mojo and the Loader. A malicious party could exploit these vulnerabilities to leak data or take over accounts, such as by getting a victim to click on a malicious lin...
Vulnerabilities fixed in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron)
Ivanti has fixed vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron). Only the on-prem versions of EPMM are vulnerable. The vulnerabilities involve an authentication bypass and remote code execution that can be jointly abused to remotely execute code on Ivanti...
Vulnerability fixed in FortiVoice
Fortinet has fixed a vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. The vulnerability is in the way FortiVoice systems handle HTTP requests, leading to a stack-based buffer overflow. This allows a malicious, unauthenticated attacker to execute arbitrary code by...
Vulnerabilities fixed in Zoho ManageEngine
Zoho has fixed vulnerabilities in ManageEngine ADSelfService Plus versions 6513 and earlier and ManageEngine ADAudit Plus versions 8510 and earlier. The vulnerabilities are in the way the applications process SQL queries. In the case of ADSelfService Plus, authenticated users can execute arbitrar...