Tagged: Cybersecurity Alert

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54897

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54898

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54899

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could...

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to arbitrary code execution by an attacker. The...

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. More information : https://patchstack.com/database/wordpress/theme/sala/vulnerability/wordpress-sala-theme-1-1-6-local-file-inclusion-vulnerability?_s_id=cve

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54894

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and...

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures...

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures...

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side...

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures...

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54113

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54114