Alerts

Trend Micro has released security updates to address several vulnerabilities Affecting Trend Micro Apex One 2019 (On-prem), and Apex One as a Service. The addressed vulnerabilities could allow the attacker to gain elevated privileges, manipulate data, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Trend Micro

Splunk has released security updates to fix two vulnerabilities affecting Splunk Enterprise, Splunk Cloud Platform, and Splunk Universal Forwarder for Windows. The addressed vulnerabilities could allow the remote attacker to conduct crosssite scripting attacks or gain access to the affected product. The addressed vulnerabilities: 1. Incorrect Permission Assignment on Splunk Universal Forwarder for Windows Vulnerability

Google has released an updated Chrome version 137.0.7151.68/.69 for Windows, Mac, and 137.0.7151.68 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by exploiting heap corruption via a crafted HTML page. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability (CVE-2025- 5419):

Apache has released security updates to address several vulnerabilities affecting multiple Apache Tomcat versions. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or bypass security restrictions on the affected systems. Sample of the addressed vulnerabilities: Apache Tomcat CGI Security Constraint Security Bypass Vulnerability (CVE-2025- 46701): CVSS: 7.3 Attack Vector:

Citrix has released security updates to address multiple vulnerabilities affecting Citrix XenServer and Citrix Hypervisor. The addressed vulnerabilities could allow the local attacker to gain elevated privileges by exposing various facilities to userspace by the XenBus, XenCons, and XenIface drivers. Sample of the addressed vulnerabilities: XenServer and Citrix Hypervisor Privilege Escalation Vulnerability (CVE-2025- 27462): CVSS:

Mozilla has released an updated Firefox version 139, Firefox ESR versions 128.11 and 115.24 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Unencrypted SNI Information Disclosure Vulnerability (CVE-2025-5270): CVSS:

Google has released an updated Chrome version 137.0.7151.55/56 for Windows and Mac, and version 137.0.7151.55 for Linux. The addressed vulnerabilities could allow the attacker to bypass security restrictions, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: 1.

Grafana has released security updates to address several vulnerabilities affecting Grafana OSS and Grafana Enterprise. The addressed vulnerabilities could allow the remote attacker to gain elevated privileges, conduct cross-site scripting attacks, or delete the server administrator account. Sample of the addressed vulnerabilities: Grafana Cross-Site-Scripting (XSS) via Custom Loaded Frontend Plugin Vulnerability (CVE-2025-4123): CVSS: 7.6 Attack

Google has released an updated Chrome version 137.0.7151.40/.41 for Windows and Mac. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code by persuading the victim to visit a specially crafted website and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Google Chrome

VMware has released security updates to fix several vulnerabilities affecting multiple VMware products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause a cross-site scripting attack, execute arbitrary commands/codes, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware vCenter Server Authenticated Command Execution Vulnerability (CVE-2025-41225):

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, manipulate files, escalate privileges, conduct denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco Identity Services Engine RADIUS

VMware has released security updates to fix multiple vulnerabilities affecting VMware Cloud Foundation. The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. VMware Cloud Foundation Directory Traversal Vulnerability (CVE-2025- 41229): CVSS: 8.2 Attack Vector: Network Attack Complexity:

Mozilla has released an updated Firefox version 138.0.4, Firefox ESR versions 128.10.1, and 115.23.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. The addressed vulnerabilities: 1.

Palo Alto has released security updates to fix multiple vulnerabilities affecting Palo Alto PAN-OS and Palo Alto Cortex XDR. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, bypass security restrictions, conduct cross-site scripting attacks, manipulate data, obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems. Sample of the

Intel has released security updates to address several vulnerabilities affecting multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial-of-service attacks, or obtain sensitive information and gain access to the affected systems. Samples of the addressed vulnerabilities: 1. Intel Gaudi Software Installer Advisory Improper Access Control Vulnerability (CVE-2024-45067): CVSS: