Announcements

SolarWinds has released security updates to address multiple vulnerabilities affecting SolarWinds Web Help Desk 12.8.7 and all previous versions, and SolarWinds Database Performance Analyzer 2025.2 and previous versions. The addressed vulnerabilities could allow the attacker to run commands on the host machine and gain unauthorized access to the affected product, or enable a man-in-the-middle (MITM) […]

Fortra has released a security update to fix a critical vulnerability in GoAnywhere MFT’s License Servlet. The addressed vulnerability could allow the remote attacker with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. Deserialization Vulnerability in GoAnywhere MFT’s License Servlet (CVE-2025-10035): CVSS: 10 Attack Vector: Network

Adobe has released security updates to address several vulnerabilities across multiple Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability (CVE-2025-54236):

Microsoft has released its monthly patch of security updates, known as PatchTuesday. The  mentioned patch addressed two zero-day vulnerabilities. Microsoft has fixed (95) vulnerabilities, with (4) classified as critical, as they could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Landscape Transformation, SAP Business One, ABAP Platform, SAP Cloud, SAP BusinessObjects Business Intelligence Platform, and SAP Supplier Relationship Management. The attacker could

Citrix has released a security update to address several vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial-of-service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. NetScaler ADC and NetScaler Gateway Remote

Drupal has released security updates to fix several vulnerabilities across multiple Drupal versions. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, perform server-side request forgery attacks, bypass security restrictions, or gain access to the affected products. Sample of the addressed vulnerabilities: Authenticator Login Module for Drupal (SA-CONTRIB-2025-096) Security Bypass Vulnerability (CVE-2025-8995):

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco Secure Firewall Management Center Software RADIUS

Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct cross-site scripting attacks, obtain sensitive information, bypass security restrictions, read arbitrary files via uploading a malicious solution pack, or execute arbitrary code and gain access to

Zoom has released a security update to fix multiple vulnerabilities across Zoom Client for Windows. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, manipulate files, or gain elevated privileges on the affected system. Sample of the addressed vulnerabilities: 1. Zoom Clients for Windows – Untrusted Search Path (CVE-2025-49457): CVSS: 9.6

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (107) vulnerabilities, with (5) classified as critical, as they could allow the attacker to gain elevated privileges, perform denial of service attacks, perform spoofing over a network, or execute arbitrary code, and

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP S/4HANA, SAP Landscape Transformation, SAP Business One, ABAP Platform, SAP GUI, SAP Cloud, and SAP Fiori applications. The attacker could exploit some of these

Adobe has released security updates to fix two vulnerabilities affecting Adobe Experience Manager. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected product. The addressed vulnerabilities: 1. Adobe Experience Manager Code Execution Vulnerability (CVE-2025-54253): CVSS: 10 Attack Vector: Network Attack Complexity: Low

Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Apex One (On-prem) 2019, and Apex One Management Server version 14039 and below. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands and gain access to the affected product. Sample of addressed vulnerabilities: Trend Micro Apex One Command Execution

Apple has released security updates to address multiple vulnerabilities across Safari, macOS Sequoia, Sonoma, and Ventura. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause memory corruption, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected system. Sample of the addressed

SonicWall has released a security update to fix multiple vulnerabilities affecting SMA 100 Series (SMA 210, 410, and 500v). The addressed vulnerabilities could allow the remote attacker to upload arbitrary files to the system, perform denial of service attacks, execute arbitrary JavaScript code, and conduct a cross-site scripting attack on the affected product. Sample of

Microsoft has released a security update to fix several vulnerabilities across multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform spoofing over a network, execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Azure Machine Learning Elevation of Privilege (CVE-2025-49747): CVSS: 9.9

CrushFTP has released a security update to fix a critical vulnerability in CrushFTP versions below “10.8.5 and 11.3.4_23”. The addressed vulnerability could allow the attacker to gain elevated privileges and obtain administrative access to the affected system through HTTPS. CrushFTP Privilege Escalation Vulnerability (CVE-2025-54309): CVSS: 9.0 Attack Vector: Network Attack Complexity: High Privileges Required: None

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform server-side request forgery attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected systems. Sample of addressed vulnerabilities: 1. Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper Networks products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, obtain sensitive information, gain elevated privileges, bypass security restrictions, execute arbitrary commands, and gain access to the affectedsystem. Sample of the addressed vulnerabilities: 1. Juniper Networks Juniper