4197 matches found
Vulnerabilities fixed in Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird Specifically for versions under 141. The vulnerabilities cover a wide range of issues including execution of unauthorized code. These vulnerabilities can be exploited by malicious parties to gain access to sensitive information or...
Vulnerabilities fixed in Cisco ISE and ISE-PIC
Cisco has fixed vulnerabilities in Cisco ISE and ISE-PIC. The vulnerabilities are in the way Cisco ISE and ISE-PIC process files through APIs and validate user input. Unauthenticated attackers with access to the API interface can exploit these vulnerabilities to upload and execute arbitrary files...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into openi...
Vulnerability fixed in Keycloak
Red Hat has fixed a vulnerability in Keycloak. The vulnerability is in the way Keycloak handles privileged users. A privileged user can gain full administrative control over a realm, which can lead to unauthorized changes to user roles and configurations. This is especially risky in environments...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerability with reference CVE-2025-5777 involves an Out-of-Bounds Read. This vulnerability arises from insufficient input validation in systems configured as Gateway services. These include VPN virtual servers, ICA...
Vulnerabilities fixed in XWiki
XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...
Vulnerability fixed in Wing FTP Server
The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...
Vulnerability fixed in FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability allows unauthenticated attackers to execute unauthorized SQL commands by sending specially crafted HTTP requests. This could compromise the integrity and confidentiality of data managed by FortiWeb. For successful misuse, the...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in Adobe InDesign Desktop Versions 19.5.3 and earlier. The vulnerabilities are in the way Adobe InDesign Desktop processes files. When a user opens a maliciously crafted file, it can lead to arbitrary code execution. Attackers can exploit these vulnerabilities to...
Vulnerabilities fixed in Zoom Clients
Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...
Vulnerability fixed in Juniper SRX300 Series
Juniper has fixed a vulnerability in the Routing Protocol Daemon rpd of its Junos OS, specifically for the SRX300 Series. The vulnerability is in how the Routing Protocol Daemon rpd on vulnerable SRX300 Series systems processes BGP updates. Unauthenticated attackers can send a specially crafted B...
Vulnerability fixed in Juniper Networks Security Director
Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator Versions 28.7.6, 29.5.1 and earlier. The vulnerabilities are in the way Adobe Illustrator handles rogue files. These vulnerabilities can lead to arbitrary code execution, allowing attackers to perform unauthorized actions on affected systems. T...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Adobe Framemaker Versions 2020.8, 2022.6 and earlier. The vulnerabilities in Adobe Framemaker are related to several types of vulnerabilities, including Heap-based Buffer Overflow, Integer Underflow, and NULL Pointer Dereference. These vulnerabilities can lead t...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 25.2, 23.14, 21.20 and earlier. The vulnerabilities in ColdFusion include a significant vulnerability related to improper restriction of XML External Entity Reference XXE, hard-coded credentials, improper authorization, XML...
Vulnerabilities fixed in Schneider Electric EcoStruxture IT Datacenter Expert
Schneider Electric has fixed vulnerabilities in EcoStruxture IT Datacenter Expert. The vulnerabilities include insufficient control over special elements in OS commands, which can result in unauthenticated external code execution. In addition, there is an issue with insufficient entropy in passwo...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP S/4HANA, SAP SCM, and SAP NetWeaver. The vulnerabilities include remote code execution, code injection, and insecure deserialization, which can be exploited by attackers with user privileges to create or execute malicious code. This...
Vulnerabilities fixed in Microsoft Edge (Chromium based)
Microsoft fixed vulnerabilities in Edge Chromium-based A malicious party could exploit the vulnerabilities to execute arbitrary code with the victim's privileges, or to access sensitive data in the context of the victim's browser. This update also fixes the vulnerability with attribute...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. A malicious party could exploit the vulnerabilities to execute arbitrary code or gain access to sensitive data. Of the vulnerability with reference CVE-2025-49719, Microsoft says it has information that it has the attention of researchers on clos...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in Azure Service Fabric and Monitor Agent. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges or to execute arbitrary code. Service Fabric: |----------------|------|-------------------------------------| | CVE ID | CVSS...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Circumvention of a security measure - Execution of arbitrary code - Accessin...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities in Splunk Enterprise and Splunk Cloud Platform allow both low-privileged and high-privileged users to perform unauthorized actions, such as suppressing alerts, executing remote commands, and causi...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as SIMATIC, SINEC, SIPROTEC, Solid Edge and TIA, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Google Chrome Specifically for versions prior to 138.0.7204.96. The vulnerability is located in Google Chrome's V8 engine and is classified as a high severity confusion type vulnerability. This allows attackers to perform arbitrary read/write operations through...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...
Vulnerabilities fixed in Adobe InDesign Desktop
Adobe has fixed vulnerabilities in InDesign Desktop Specifically for versions ID20.2, ID19.5.3, and earlier. The vulnerabilities include a Heap-based Buffer Overflow, Use After Free, NULL Pointer Dereference, and out-of-bounds read, all of which can lead to arbitrary code execution or disclosure ...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader Specifically for versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier. The vulnerabilities include a Use After Free, out-of-bounds write, out-of-bounds read and NULL Pointer Dereference. These vulnerabilities can lead to the execution of...
Vulnerability fixed in IBM WebSphere Application Server
IBM has fixed a vulnerability in IBM WebSphere Application Server Versions 8.5 and 9.0. The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...
Vulnerability fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed a vulnerability in NetScaler ADC and NetScaler Gateway. To be vulnerable, NetScaler must be configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Note that this is often default config. The vulnerability is in the way memory is managed in...
Vulnerabilities fixed in IBM InfoSphere Information Server
IBM has fixed vulnerabilities in IBM InfoSphere Information Server Versions 11.7.0.0 to 11.7.1.6. The first vulnerability involves a Denial-of-Service vulnerability that stems from insufficient validation of incoming request sources. This can be exploited to disrupt service availability. The seco...
Vulnerability fixed in IBM Spectrum Protect Server
IBM has fixed a vulnerability in IBM Spectrum Protect Server Versions 8.1 to 8.1.26. The vulnerability is located in IBM Spectrum Protect Server's authentication mechanisms. This flaw allows attackers to bypass authentication, allowing unauthorized users to access sensitive data. This could...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to version 7.5.0 Update Package 12. The vulnerabilities include an ability for an authorized user to modify critical configuration files, which could lead to uploading malicious autoupdate files and executing arbitrary commands within the...
Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z
Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...
Vulnerabilities fixed in Veeam Backup
Veeam has fixed vulnerabilities in Veeam Backup & Replication 12.3.2.3617 and Veeam Agent for Microsoft Windows 6.3.2.1205. The vulnerabilities can be exploited after access to compromise backup servers. The highest rated vulnerability, CVE-2025-23121, allows an attacker with domain user privileg...
Vulnerability fixed in GeoServer
GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4..2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...
Vulnerabilities fixed in Apache Tomcat
Apache has fixed vulnerabilities in Apache Tomcat Specifically for versions 11.0.0-M1 to 11.0.7, 10.1.0-M1 to 10.1.41, and 9.0.0-M1 to 9.0.105. The vulnerabilities include denial-of-service due to insufficient limits on multipart headers, lack of resource allocation without limits, untrusted sear...
Vulnerabilities fixed in Trend Micro Apex One and Apex Central
Trend Micro has fixed vulnerabilities in Apex One and Apex Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code or gain access to sensitive data. Trend Micro has released updates to fix the vulnerabilities. See attached...
Vulnerabilities fixed in Ivanti Workspace Control
Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...
Vulnerabilities fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. The vulnerabilities include improper certificate validation that allows attackers to connect to FortiClient via revoked certificates, leading to unauthorized access. In addition, there are vulnerabilities in session escalation and privilege managemen...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Adobe Commerce and Magento Open Source. The vulnerabilities are in the way Adobe Commerce handles security measures. Attackers with elevated privileges can exploit a stored Cross-Site Scripting XSS vulnerability by injecting malicious scripts into form fields,...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to execute arbitrary code with victim privileges. Since it cannot be ruled out that developers work with elevated privileges, it is plausible that execution of arbitrary code could...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute arbitrary code in the victim's context, potentially gaining access to sensitive data in the victim's context. Successful exploitation...
Vulnerabilities fixed in Google Chrome and Microsoft Edge
Google has fixed vulnerabilities in Google Chrome versions before 137.0.7151.68. The vulnerabilities are in Google Chrome's V8 engine and Blink. The first vulnerability involves out of bounds read and write problems that can lead to heap corruption. This can be exploited by a malicious party by...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial of Service DoS - Bypassing a security measure - Execution of arbitrary code User privileges - Execution of arbitrary...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in various SAP products such as HANA, Business Objects and Netweaver. The vulnerabilities include a lack of authorization controls, allowing attackers to execute functions without restrictions. This can lead to unauthorized actions within the application, which can...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities are in how the GPU Kernel Drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...