Aruba has released a security update to fix several vulnerabilities affecting HPE Aruba StoreOnce Software. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform server-side request forgery attacks, manipulate data, bypass security restrictions, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. HPE […]
Aruba Security Update – 04 June 2025 Read More »
Apache has released security updates to address several vulnerabilities affecting multiple Apache Tomcat versions. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or bypass security restrictions on the affected systems. Sample of the addressed vulnerabilities: Apache Tomcat CGI Security Constraint Security Bypass Vulnerability (CVE-2025- 46701): CVSS: 7.3 Attack Vector:
Apache Tomcat Security Updates – 01 June 2025 Read More »
Citrix has released security updates to address multiple vulnerabilities affecting Citrix XenServer and Citrix Hypervisor. The addressed vulnerabilities could allow the local attacker to gain elevated privileges by exposing various facilities to userspace by the XenBus, XenCons, and XenIface drivers. Sample of the addressed vulnerabilities: XenServer and Citrix Hypervisor Privilege Escalation Vulnerability (CVE-2025- 27462): CVSS:
Citrix Security Updates – 28 May 2025 Read More »
Mozilla has released an updated Firefox version 139, Firefox ESR versions 128.11 and 115.24 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Unencrypted SNI Information Disclosure Vulnerability (CVE-2025-5270): CVSS:
Mozilla Firefox Security Updates – 28 May 2025 Read More »
Google has released an updated Chrome version 137.0.7151.55/56 for Windows and Mac, and version 137.0.7151.55 for Linux. The addressed vulnerabilities could allow the attacker to bypass security restrictions, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: 1.
Google Chrome Security Update – 28 May 2025 Read More »
Grafana has released security updates to address several vulnerabilities affecting Grafana OSS and Grafana Enterprise. The addressed vulnerabilities could allow the remote attacker to gain elevated privileges, conduct cross-site scripting attacks, or delete the server administrator account. Sample of the addressed vulnerabilities: Grafana Cross-Site-Scripting (XSS) via Custom Loaded Frontend Plugin Vulnerability (CVE-2025-4123): CVSS: 7.6 Attack
Grafana Security Update – 25 May 2025 Read More »
Google has released an updated Chrome version 137.0.7151.40/.41 for Windows and Mac. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Google Chrome
Google Chrome Security Update – 25 May 2025 Read More »
VMware has released security updates to fix several vulnerabilities affecting multiple VMware products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause a cross-site scripting attack, execute arbitrary commands/codes, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware vCenter Server Authenticated Command Execution Vulnerability (CVE-2025-41225):
VMware Security Updates – 22 May 2025 Read More »
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, manipulate files, escalate privileges, conduct denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco Identity Services Engine RADIUS
Cisco Security Updates – 22 May 2025 Read More »
VMware has released security updates to fix multiple vulnerabilities affecting VMware Cloud Foundation. The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. VMware Cloud Foundation Directory Traversal Vulnerability (CVE-2025- 41229): CVSS: 8.2 Attack Vector: Network Attack Complexity:
VMware Security Update – 20 May 2025 Read More »
Mozilla has released an updated Firefox version 138.0.4, Firefox ESR versions 128.10.1, and 115.23.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. The addressed vulnerabilities: 1.
Mozilla Firefox Security Updates – 20 May 2025 Read More »
Palo Alto has released security updates to fix multiple vulnerabilities affecting Palo Alto PAN-OS and Palo Alto Cortex XDR. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, bypass security restrictions, conduct cross-site scripting attacks, manipulate data, obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems. Sample of the
Palo Alto Security Updates – 15 May 2025 Read More »
Intel has released security updates to address several vulnerabilities affecting multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial-of-service attacks, or obtain sensitive information and gain access to the affected systems. Samples of the addressed vulnerabilities: 1. Intel Gaudi Software Installer Advisory Improper Access Control Vulnerability (CVE-2024-45067): CVSS:
Intel Security Updates – 14 May 2025 Read More »
Adobe has released security updates to address multiple vulnerabilities across several Adobe products. information, bypass security restrictions, execute arbitrary code, and gain elevated privileges to the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Improper Input Validation Vulnerability (CVE-2025- 43559): CVSS: 9.1 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:
Adobe Security Updates – 14 May 2025 Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, perform denial of service attacks, gain access to sensitive information, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Stack-Based Buffer Overflow Vulnerability in
Fortinet Security Updates – 14 May 2025 Read More »
Apple has released security updates to address multiple vulnerabilities across macOS Sequoia 15.5, Sonoma 14.7.6, Ventura 13.7.6, and Safari 18.5. The addressed vulnerabilities could allow the attacker to perform denial-of service attacks, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected systems. Sample of the addressed
Apple Security Updates – 14 May 2025 Read More »
Zoom has released security updates to fix several vulnerabilities across Zoom Workplace Apps. The addressed vulnerabilities could allow the attacker to conduct a denial of service attack, perform a cross-site scripting attack, bypass security restrictions, or gain elevated privileges to the affected systems. Sample of the addressed vulnerabilities: 1. Zoom Workplace Apps – Time-of-check Time-of-use
Zoom Security Updates – 14 May 2025 Read More »
Ivanti has released security updates to fix multiple vulnerabilities across several Ivanti products. The addressed vulnerabilities could allow the attacker to escalate elevated privileges, access protected resources without proper credentials via the API, execute arbitrary code via crafted API requests, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti Neurons
Ivanti Security Updates – 14 May 2025 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed seven zero-day vulnerabilities. Microsoft has fixed (78) vulnerabilities, with (5) classified as critical as they could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code
Microsoft May 2025 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP Supplier Relationship Management, SAP Business Objects Business Intelligence Platform, SAP PDCE, SAP Service Parts Management (SPM), and SAP Landscape Transformation. The attacker could exploit
SAP Security Updates – 13 May 2025 Read More »
