π¨ CVE-2025-59337
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
π@cveNotify
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
π@cveNotify
GitHub
SECURITY: Use nonce-based restrictions during restore Β· discourse/discourse@43536b6
A platform for community discussion. Free, open, simple. - SECURITY: Use nonce-based restrictions during restore Β· discourse/discourse@43536b6
π¨ CVE-2025-36156
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
π@cveNotify
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.
π@cveNotify
Ibm
Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow
IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and executeβ¦
π¨ CVE-2025-54283
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-102
π¨ CVE-2025-54284
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-102
π¨ CVE-2025-61798
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61799
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61800
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61801
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Dimension | APSB25-103
π¨ CVE-2025-61802
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61803
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61805
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61806
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-61807
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Substance 3D Stager | APSB25-104
π¨ CVE-2025-43280
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
π@cveNotify
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
π@cveNotify
Apple Support
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
π¨ CVE-2025-43281
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
π@cveNotify
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.6 - Apple Support
This document describes the security content of macOS Sequoia 15.6.
π¨ CVE-2025-43282
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
π@cveNotify
A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
π@cveNotify
Apple Support
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
π¨ CVE-2025-43313
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
π@cveNotify
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.6 - Apple Support
This document describes the security content of macOS Sequoia 15.6.
π¨ CVE-2025-54086
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
π@cveNotify
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
π@cveNotify
Absolute
CVE-2025-54086 | Absolute Security
Excess permissions vulnerability in the Secure Access Warehouse prior to version 14.10.
π¨ CVE-2025-54087
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
π@cveNotify
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
π@cveNotify
Absolute
CVE-2025-54087 | Absolute Security
Request forgery vulnerability in Secure Access Server prior to version 14.10.
π¨ CVE-2025-54088
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
π@cveNotify
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
π@cveNotify
Absolute
CVE-2025-54088 | Absolute Security
Open-redirect vulnerability in the administrative console of Absolute Secure Access prior to version 14.10.
π¨ CVE-2025-54089
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administratorβs access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
π@cveNotify
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administratorβs access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
π@cveNotify
Absolute
CVE-2025-54089 | Absolute Security
Cross-site scripting vulnerability in the administrative console of Secure Access prior to version 14.10.