CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-46752
https://notcve.org/view.php?id=CVE-2025-46752
16 Oct 2025 — A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code. • https://fortiguard.fortinet.com/psirt/FG-IR-25-160 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-53950
https://notcve.org/view.php?id=CVE-2025-53950
16 Oct 2025 — An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information. • https://fortiguard.fortinet.com/psirt/FG-IR-25-639 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53951
https://notcve.org/view.php?id=CVE-2025-53951
16 Oct 2025 — An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port. • https://fortiguard.fortinet.com/psirt/FG-IR-25-628 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-54268 – Bridge | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-54268
15 Oct 2025 — Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/bridge/apsb25-96.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-54278 – Bridge | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-54278
15 Oct 2025 — Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/bridge/apsb25-96.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-61804 – Animate | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2025-61804
15 Oct 2025 — Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/animate/apsb25-97.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-54279 – Animate | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2025-54279
15 Oct 2025 — Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/animate/apsb25-97.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-54269 – Animate | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2025-54269
15 Oct 2025 — Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/animate/apsb25-97.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-54270 – Animate | NULL Pointer Dereference (CWE-476)
https://notcve.org/view.php?id=CVE-2025-54270
15 Oct 2025 — Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/animate/apsb25-97.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49552 – Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-49552
14 Oct 2025 — Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. • https://helpx.adobe.com/security/products/connect/apsb25-70.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •