Announcements

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed six actively exploited and three publicly disclosed zero-day vulnerabilities. Microsoft has fixed (59) vulnerabilities that could allow the attacker to gain elevated privileges, perform denial-of-service attacks, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary […]

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass authentication mechanisms, conduct SQL injection and cross-site scripting attacks, perform request smuggling attacks, execute unauthorized code or commands, gain elevated privileges, obtain sensitive information, bypass firewall and access control policies, or gain unauthorized

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver Application Server ABAP and ABAP Platform, SAP NetWeaver, SAP Business One, SAP Business Workflow, SAP S/4HANA, SAP Supply Chain Management, SAP BusinessObjects Business Intelligence Platform,

OpenSSL has released security updates to address several vulnerabilities affecting OpenSSL Software Services. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: OpenSSL Stack Buffer Overflow in CMS AuthEnvelopedData Parsing Vulnerability (CVE-2025-15467): CVSS: 9.8 Attack Vector: Network

SolarWinds has released security updates to address several vulnerabilities affecting multiple SolarWinds products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain unauthorized administrative access using the client user account, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. SolarWinds Web Help Desk Authentication Bypass

Ivanti has released a security update to fix multiple vulnerabilities across Ivanti Endpoint Manager Mobile (EPMM). The addressed vulnerabilities could allow the unauthenticated attacker to execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: Ivanti Endpoint Manager Code Execution Vulnerability (CVE-2026-1281): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low

Fortinet has released a security update to fix a critical vulnerability across multiple Fortinet products. addressed vulnerability could allow the attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Fortinet FortiOS, FortiManager, and FortiAnalyzer Security Bypass Vulnerability

GNU InetUtils has released a security update to fix a critical vulnerability affecting the telnetd service in GNU InetUtils versions from 1.9.3 through 2.7. The addressed vulnerability could allow the attacker to bypass authentication controls due to improper handling of the user-supplied USER environment variable. The telnetd service passes this variable directly to /usr/bin/login without

Zoom has released a security update to address a critical vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0. The addressed vulnerability could allow the attacker to act as a meeting participant and conduct remote code execution of the Zoom Node Multimedia Routers MMRsand gain access to the affected system. Zoom Node Deployments –

Google has released an updated Chrome version 144.0.7559.96/.97 for Windows and Mac, and version 144.0.7559.96 for Linux. The addressed vulnerabilities could allow the remote attacker to exploit object corruption and heap corruption via a crafted HTML page, perform UI spoofing and domain spoofing, bypass security restrictions, obtain sensitive information, spoof the contents of the Omnibox,

Mozilla has released an updated Firefox version 147, Firefox ESR versions 115.32, and 140.7 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, corrupt memory, perform denial of service attacks, obtain sensitive information, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1.

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, perform denial of service attacks, conduct SQL injection attacks, delete arbitrary files, and abuse internal services via serverside request forgery attacks, or execute arbitrary commands/code and gain access

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger), SAP Wily Introscope Enterprise Manager (WorkStation), SAP S/4HANA (Private Cloud and On-Premise), SAP Landscape Transformation, SAP HANA

Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Apex Central (On-prem) 2019 versions below Build 7190. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and perform denial of service attacks (DoS) on the affected product. Sample of addressed vulnerabilities: 1. Trend Micro Apex Central LoadLibraryEX Remote

Veeam has released a security update to fix multiple vulnerabilities across Veeam Backup & Replication 13.0.1.180 and all earlier versions of 13 builds. The addressed vulnerabilities could allow the remote attacker to gain elevated privileges, manipulate files, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Veeam Backup

HPE Aruba has released a security update to address a critical vulnerability affecting HPE OneView software versions before 11.00. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code and gain access to the affected system. HPE OneView Remote Code Execution Vulnerability (CVE-2025-37164): CVSS: 10.0 Attack Vector: Network Attack Complexity: Low Privileges

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary commands and gain access to the affected product. Sample of addressed vulnerabilities: 1. Cisco Multiple Products Improper Input Validation Vulnerability (CVE-2025- 20393): CVSS: 10

Ivanti has released a security update to fix multiple vulnerabilities across Ivanti Endpoint Manager (EPM). The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, manipulate data, or execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti Endpoint Manager Cross-Site Scripting Vulnerability (CVE-2025-10573): CVSS: 9.6

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, gain elevated privileges, obtain sensitive information, manipulate files, and write arbitrary files via specific HTTP or HTTPS commands, bypass the FortiCloud SSO login authentication via

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver (remote service for Xcelsius, Internet Communication Framework, Enterprise Portal, Application Server ABAP), SAP BusinessObjects Business Intelligence Platform, SAP Web Dispatcher and Internet Communication Manager (ICM),