Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Veeam Backup & Replication Remote Code Execution Vulnerability (CVE- 2025-48983): CVSS: 9.9 Attack […]
Veeam Security Update – 14 October 2025 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Supplier Relationship Management, SAP NetWeaver Application Server ABAP, SAP BusinessObjects, SAP Print Service, and SAP Commerce Cloud. The attacker could exploit some
SAP Security Patch Day October 2025 Read More »
Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper Networks products. The addressed vulnerabilities could allow the remote attacker to perform denial of service or cross-site scripting attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary commands and gain access to the affected system. Sample of the addressed
Juniper Security Updates – 12 October 2025 Read More »
Google has released an updated Chrome version 141.0.7390.65/.66 for Windows, Mac, and 141.0.7390.65 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Heap Buffer Overflow in
Google Chrome Security Update – 12 October 2025 Read More »
Grafana has released security updates to address several vulnerabilities affecting multiple Grafana plugins. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Grafana Image Renderer Plugin Remote Code Execution Vulnerability
Grafana Security Updates – 12 October 2025 Read More »
Elastic has released security updates to address several vulnerabilities affecting multiple Elastic products. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, obtain sensitive information, or gain elevated privileges to the affected products. Sample of the addressed vulnerabilities: 1. Elastic Kibana Cross-Site Scripting Vulnerability (CVE-2025-25009): CVSS: 8.7 Attack Vector: Network Attack Complexity:
Elastic Security Updates – 08 October 2025 Read More »
Redis has released security updates to fix several vulnerabilities affecting all Redis Software releases. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: Lua Use-After-Free Remote Code Execution Vulnerability (CVE 2025-49844): CVSS:
Redis Security Updates – 08 October 2025 Read More »
Splunk has released security updates to fix several vulnerabilities across multiple Splunk products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, conduct denial of service attacks, or gain access to the affected product. Sample of the addressed vulnerabilities: 1. Splunk Enterprise Unauthenticated Blind Server Side Request Forgery (SSRF)Vulnerability
Splunk Security Updates – 07 October 2025 Read More »
Oracle has released a critical security update to fix a zero-day vulnerability across Oracle E-Business Suite, versions 12.2.3-12.2.14. The addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code over HTTP and gain access to the affected product. Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025-61882): CVSS: 9.8 Attack Vector: Network Attack Complexity:
Oracle Security Update – 06 October 2025 Read More »
Google has released an updated Chrome version 141.0.7390.54/55 for Windows, Mac, and 141.0.7390.54 for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, cause application instability/crashes, obtain sensitive information, or execute arbitrary code, and gain access to the affected system by persuading a victim to visit a specially crafted website. Sample
Google Chrome Security Update – 02 October 2025 Read More »
Mozilla has released an updated Firefox version 143.0.3 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system. The addressed vulnerabilities: 1. Mozilla Firefox Sandbox escape due to integer overflow in the Graphics: Canvas2D component (CVE-2025-11152): CVSS:
Mozilla FireFox Security Updates – 02 October 2025 Read More »
Sudo has released security updates to address several vulnerabilities across Sudo versions 1.8.8 to 1.9.17. The addressed vulnerabilities could allow the local attacker to gain elevated privilege on systems that support the “etc/nsswitch.conf” file by tricking sudo into loading an arbitrary shared library by creating a new file under the user-specified root directory. Sample of
Sudo Security Updates – 01 October 2025 Read More »
Apple has released security updates to address multiple vulnerabilities across macOS Tahoe, Sequoia, Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause memory corruption, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected system. Sample of the addressed
Apple Security Updates – 30 September 2025 Read More »
VMware has released security updates to fix several vulnerabilities across multiple VMware products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, manipulate notification emails, gain elevated privileges, conduct denial of service attacks, or gain access to the affected products. Sample of addressed vulnerabilities: 1. VMware vCenter SMTP Header Injection Vulnerability (CVE-2025-41250): CVSS:
VMware Security Updates – 30 September 2025 Read More »
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, gain elevated privileges, obtain sensitive information, or execute arbitrary commands and gain access to the affected product. Sample of addressed vulnerabilities: 1. Cisco Secure Firewall
Cisco Security Updates – 28 September 2025 Read More »
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary commands and gain access to the affected product. Sample of addressed vulnerabilities: 1. Cisco IOS XE
Cisco Security Updates – 25 September 2025 Read More »
SolarWinds has released security updates to address multiple vulnerabilities affecting SolarWinds Web Help Desk 12.8.7 and all previous versions, and SolarWinds Database Performance Analyzer 2025.2 and previous versions. The addressed vulnerabilities could allow the attacker to run commands on the host machine and gain unauthorized access to the affected product, or enable a man-in-the-middle (MITM)
SolarWinds Security Updates – 24 September 2025 Read More »
Aruba has released security updates to fix several vulnerabilities across multiple HPE Aruba products. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, bypass security restrictions, conduct denial of service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. HPE
Aruba Security Updates – 22 September 2025 Read More »
Mozilla has released an updated Firefox version 143, Firefox ESR versions 115.28 and 140.3 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to perform spoofing attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Memory Safety
Mozilla Firefox Security Updates – 21 September 2025 Read More »
Fortra has released a security update to fix a critical vulnerability in GoAnywhere MFT’s License Servlet. The addressed vulnerability could allow the remote attacker with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. Deserialization Vulnerability in GoAnywhere MFT’s License Servlet (CVE-2025-10035): CVSS: 10 Attack Vector: Network
Fortra Security Update – 21 September 2025 Read More »
