π¨ CVE-2025-59938
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0.
π@cveNotify
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0.
π@cveNotify
GitHub
Heap buffer overflow in wazuh-analysisd
### Summary
Heap buffer overflow in `wazuh-analysisd` when parsing XML elements from Windows `EventChannel` messages.
### Details
Tested version: `Wazuh v4.10.0`
**Backtrace:**
```
#0...
Heap buffer overflow in `wazuh-analysisd` when parsing XML elements from Windows `EventChannel` messages.
### Details
Tested version: `Wazuh v4.10.0`
**Backtrace:**
```
#0...
π¨ CVE-2025-58055
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic βTitleβ, βCategoryβ, and βTagsβ allowed authenticated users to extract information about topics that they werenβt authorized to access. By modifying the βtopic_idβ value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI modelβs responses then disclosed information that the authenticated user couldnβt normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings.
π@cveNotify
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic βTitleβ, βCategoryβ, and βTagsβ allowed authenticated users to extract information about topics that they werenβt authorized to access. By modifying the βtopic_idβ value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI modelβs responses then disclosed information that the authenticated user couldnβt normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings.
π@cveNotify
GitHub
SECURITY: AI helper suggestions based on a topic should check user ha⦠· discourse/discourse@28d569c
β¦s access to it
π¨ CVE-2025-59337
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
π@cveNotify
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
π@cveNotify
GitHub
SECURITY: Use nonce-based restrictions during restore Β· discourse/discourse@43536b6
A platform for community discussion. Free, open, simple. - SECURITY: Use nonce-based restrictions during restore Β· discourse/discourse@43536b6
π¨ CVE-2025-36156
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
π@cveNotify
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
π@cveNotify
Ibm
Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow
IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and executeβ¦
π¨ CVE-2025-54283
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-102
π¨ CVE-2025-54284
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-102
π¨ CVE-2025-61798
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61799
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61800
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61801
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61802
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61803
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61805
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61806
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61807
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-43280
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
π@cveNotify
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
π@cveNotify
Apple Support
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
π¨ CVE-2025-43281
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
π@cveNotify
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.6 - Apple Support
This document describes the security content of macOS Sequoia 15.6.
π¨ CVE-2025-43282
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
π@cveNotify
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
π@cveNotify
Apple Support
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
π¨ CVE-2025-43313
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
π@cveNotify
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.6 - Apple Support
This document describes the security content of macOS Sequoia 15.6.
π¨ CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
π@cveNotify
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
π@cveNotify
Absolute
CVE-2025-54086 | Absolute Security
Excess permissions vulnerability in the Secure Access Warehouse prior to version 14.10.
π¨ CVE-2025-54087
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
π@cveNotify
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
π@cveNotify
Absolute
CVE-2025-54087 | Absolute Security
Request forgery vulnerability in Secure Access Server prior to version 14.10.