Announcements

Drupal has released security updates to address several vulnerabilities affecting multiple Drupal products. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, escalate privileges, manipulate data, execute arbitrary SQL commands, and gain access to the affected products. Samples of the addressed vulnerabilities: 1. Drupal Date iCal Information Disclosure Vulnerability […]

Mozilla has released an updated Firefox version 151, Firefox ESR versions 115.36 and 140.11 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct denial-of- service and spoofing attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, execute arbitrary code, and gain access to the affected system. Sample of the

Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, obtain sensitive information, make configuration changes across tenant boundaries with the privileges of the Site Admin user, execute arbitrary code/commands, and gain access to the affected systems. Sample of addressed vulnerabilities:

Microsoft has released a security update to address a critical vulnerability affecting multiple Microsoft Azure products. The addressed vulnerability could allow the remote unauthorized attacker to elevate privileges over a network. The addressed vulnerability: Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability (CVE-2026-42822): CVSS: 10.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None

Google has released an updated Chrome version 148.0.7778.167/168 for Windows and Mac, and version 148.0.7778.167 for Linux. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial-of-service attacks, gain elevated privileges, obtain sensitive information, manipulate data, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities:

Apache Tomcat has released a security update to address several vulnerabilities affecting Apache Tomcat. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, bypass security restrictions, or gain access to the affected system. Sample of the addressed vulnerabilities: 1. Apache Tomcat Digest Authentication Bypass Vulnerability (CVE-2026- 43512): CVSS: 9.8 Attack

Microsoft has released a security update to address a vulnerability affecting Microsoft Exchange Server. The addressed vulnerability could allow attackers to conduct spoofing attacks through a cross-site scripting (XSS) flaw, potentially leading to the execution of arbitrary JavaScript code within the victim’s web browser context. The addressed vulnerability: Microsoft Exchange Server 2016 Spoofing Vulnerability (CVE-2026-42897):

Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, bypass security restrictions, and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE- 2026-20182): CVSS: 10 Attack Vector:

F5 has released security updates to address several vulnerabilities affecting multiple F5 products. The addressed vulnerabilities could allow the attacker to conduct denial-of-service and man-in-the-middle attacks, gain elevated privileges, bypass security restrictions, manipulate files, perform cross-site request forgery (CSRF) attacks, obtain sensitive information, execute arbitrary code/commands, and gain access to the affected systems. Sample of

Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected product. Samples of the addressed vulnerabilities: 1. Intel® Data Center Graphics Driver for VMware ESXi Buffer Overflow Vulnerability (CVE-2026-20794): CVSS: 9.3

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, perform SQL injection attacks, manipulate data, or conduct remote code execution attacks. Sample of the addressed vulnerabilities: 1. Ivanti Xtraction Information Disclosure Vulnerability (CVE-2026-8043): CVSS: 9.6 Attack Vector:

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed 120 flaws across multiple products. Microsoft has addressed multiple vulnerabilities in this release that could allow attackers to gain elevated privileges, perform spoofing attacks, bypass security restrictions, obtain sensitive information, conduct denial-of-service attacks, or execute arbitrary code and

Fortinet has released security updates to fix several vulnerabilities affecting multiple Fortinet products. The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute unauthorized code or commands, and gain access to the affected system via specially crafted requests. Sample of the addressed vulnerabilities: 1.

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released security updates to address vulnerabilities across multiple SAP products, including SAP S/4HANA, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server, SAP Commerce Cloud, SAP HANA, SAP Financial Consolidation, and SAP Incentive and Commission Management. The addressed vulnerabilities could

Mozilla has released an updated Firefox version 150.0.2, Firefox ESR versions 115.35.2 and 140.10.2 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to perform denial-of- service attacks, execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Incorrect Boundary Conditions in The Audio/Video:

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct spoofing attacks, execute arbitrary code, or gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: 1. Microsoft Azure DevOps Information Disclosure Vulnerability (CVE-2026- 42826): CVSS: 10.0 Attack

Palo Alto Networks has released a security update to address a critical vulnerability affecting Palo Alto PAN-OS versions 12.1, 11.2, 11.1, and 10.2. The addressed vulnerability could allow the remote attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The addressed vulnerability: PAN-OS: Unauthenticated User-Initiated

OpenSSL has released security updates to address several vulnerabilities affecting OpenSSL Software Services. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, execute arbitrary code, or obtain sensitive information from the affected system. Sample of the addressed vulnerabilities: 1. OpenSSL Hexadecimal Conversion Heap Buffer Overflow Vulnerability (CVE- 2026-31789): CVSS: 9.8 Attack Vector: Network

Progress Software Corporation has released a security update to fix two vulnerabilities affecting MOVEit Automation. The addressed vulnerabilities could allow the attacker to gain elevated privileges or bypass authentication and gain access to the affected system. The addressed vulnerabilities: 1. Progress MOVEit Automation Authentication Bypass Vulnerability (CVE- 2026-4670): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Apache Tomcat has released a security update to address several vulnerabilities affecting Apache Tomcat. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform request smuggling attacks, obtain sensitive information from server logs, or redirect victims to attacker-controlled sites to perform phishing or other social engineering attacks. Sample of the addressed vulnerabilities: 1.