Alerts

F5 has released security updates to address several vulnerabilities affecting multiple F5 products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, manipulate files, bypass security restrictions, perform denial of service attacks, or gain access by using SSH key-based authentication to the affected product. Sample of the addressed vulnerabilities: 1. F5OS Improper Authorization […]

VMware has released security updates to fix multiple vulnerabilities across several VMware products. The addressed vulnerabilities could allow the remote attacker with non-administrative privileges on a guest VM to manipulate certain files or perform cross-site scripting attacks on the affected product. Sample of the addressed vulnerabilities: VMware Aria Automation DOM-Based Cross-Site Scripting Vulnerability (CVE-2025-22249): CVSS:

SonicWall has released a security update to fix Multiple vulnerabilities affecting SonicWall SMA 100 Series (SMA 200, 210, 400, 410, 500v). The addressed vulnerabilities could allow the remote authenticated attacker to bypass path checks and delete files potentially resulting in a reboot to factory defaults, or inject shell command arguments to upload a file on

Microsoft has released an updated Microsoft Edge stable channel “136.0.3240.50” to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to perform a denial of service attack, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Microsoft Edge (Chromium-based) Heap Buffer Overflow

SonicWall has released a security update to fix one vulnerability affecting SonicWall SMA1000. The addressed vulnerability could allow the remote attacker to perform a serverside request forgery (SSRF) which will cause the appliance to make requests to an unintended location. Sonicwall SMA1000 Server-Side Request Forgery Vulnerability (CVE-2025-2170): CVSS: 7.2 Attack Vector: Network Attack Complexity: Low

SonicWall has released a security update to address a vulnerability across SonicOS SSLVPN Virtual Office interface. The addressed vulnerability could allow the unauthenticated remote attacker to cause a denial of service attack and crash the affected firewall system. SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service Vulnerability (CVE-2025-32818): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low Privileges

Google has released an updated Chrome version “135.0.7049.95/.96” for Windows, Mac, and “135.0.7049.95” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code via a crafted HTML page and gain access to the affected system. Sample of the addressed vulnerabilities: Google Chrome Heap Buffer Overflow in Codecs Vulnerability (CVE-2025-3619): CVSS: 8.8

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, collect sensitive information, or execute arbitrary commands and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Webex App Client-Side Remote Code Execution Vulnerability (CVE-2025-20236): CVSS: 8.8

SonicWall has released security updates to address several vulnerabilities across SonicWall NetExtender Windows, Connect Tunnel Windows, and the SMA 100 series. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause file corruption, manipulate file paths, or execute arbitrary code and gain access to the affected system. Sample of the addressed

Apple has released security updates to address several vulnerabilities across macOS Sequoia. The addressed vulnerabilities could allow the attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system. The addressed vulnerabilities: 1. Apple macOS Sequoia Code Execution Vulnerability ( CVE-2025-31200): CVSS: 7.5 Attack Vector: Network Attack Complexity: High Privileges Required:

Microsoft has released an updated Microsoft Edge stable channel “135.0.3179.73” to address a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code by persuading the victim to visit a malicious page. Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2025-29834): CVSS: 7.5 Attack Vector: Network Attack Complexity: High Privileges Required: None User

Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper Networks products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain sensitive information, or execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Juniper Networks Junos OS (SRX Series) Denial of

HPE Aruba has released security updates to fix multiple vulnerabilities affectingseveral Aruba  products. The addressed vulnerabilities could allow the attacker to execute arbitrary code/commands, download arbitrary files, perform cross-site scripting (XSS), modify files, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Authenticated Remote Code Execution Vulnerabilities in Web-Based Management Interface