Alerts

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to trigger denial of service attacks, perform server-side request forgery attacks, conduct carriage return line feed injection attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the

Grafana has released security updates to address multiple vulnerabilities affecting Grafana. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, obtain sensitive information, or perform denial of service attacks on the affected product. Sample of the addressed vulnerabilities: 1. Authorization Vulnerability In /apis Allows Authenticated Bypass for All Dashboard Permissions (CVE-2025-3260): CVSS:

Microsoft has released an updated Microsoft Edge stable channel version “138.0.3351.65” to address multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities:

Google has released an updated Chrome version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by sending a crafted HTML. Google Chrome Code Execution Vulnerability (CVE-2025-6554): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low

Google has released an updated Chrome version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by sending a crafted HTML. Google Chrome Code Execution Vulnerability (CVE-2025-6554): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low

Google has released an updated Chrome version 138.0.7204.49 for Linux, and versions 138.0.7204.49/50 for Windows and Mac. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and cause memory corruption on the affected devices. Sample of the addressed vulnerabilities: Google Chrome Use After Free in Animation Vulnerability (CVE-2025-6555): CVSS:

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks by sending a sequence of crafted HTTPS requests or submitting a crafted file containing UDF content to be scanned by ClamAV on the affected systems. Sample of addressed

Google has released an updated Chrome version 137.0.7151.119/.120 for Windows, Mac and 137.0.7151.119 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability (CVE-2025-6192):

Google has released an updated Chrome version 137.0.7151.103/.104 for Windows, Mac and 137.0.7151.103 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability (CVE-2025-5958):

SolarWinds has released security updates to address several vulnerabilities affecting multiple SolarWinds products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, or gain elevated privileges to the affected product. 1. SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Privilege Escalation Vulnerability (CVE-2025-26396): CVSS: 7.8 Attack Vector: Local Attack

Aruba has released security updates to fix several vulnerabilities across multiple HPE Aruba products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform path traversal, perform denial of service attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. HPE Aruba Networking Private 5G

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, conduct server-side request forgery attacks, bypass security restrictions, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Multiple OS Command

Mozilla has released an updated version of Firefox, 139.0.4 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: Mozilla Firefox Code Execution Vulnerability (CVE-2025-49709): CVSS: 8.8 Attack Vector: Network Attack

Ivanti has released security updates to fix multiple vulnerabilities across Ivanti Workspace Control (IWC) version 10.19.0.0 and prior. The addressed vulnerabilities could allow the attacker to obtain sensitive information by decrypting stored SQL information and environment passwords on the affected system. Sample of the addressed vulnerabilities: Ivanti Workspace Control Information Disclosure Vulnerability (CVE-2025-5353): CVSS: 8.8