Announcements

Oracle released its critical patch updates for January 2025, containing (318) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, gaining elevated privileges, conducting denial of service attacks, performing data manipulation (update, insert, or delete […]

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to escalate elevated privileges, perform denial of service attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti EPM Path

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform denial of services attacks, manipulate files, conduct SQL injection attacks, bypass security restrictions, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed eight zero-day vulnerabilities with three actively exploited in attacks. Microsoft has fixed (161) vulnerabilities, with (3) classified as critical as they could allow the attacker to conduct spoofing attacks, perform denial of service attacks, gain elevated privileges, obtain

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such SAP NetWeaver ABAP and ABAP Platform, SAP NetWeaver AS for ABAP and ABAP Platform, SAP BusinessObjects Business Intelligence Platform, SAPSetup, SAP Business Workflow, SAP Flexible Workflow, SAP NetWeaver Application

Ivanti has released security updates to fix two vulnerabilities across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Ivanti Connect Secure Remote Code Execution (CVE-2025-0282): CVSS:

Sophos has released security updates to fix multiple vulnerabilities in Sophos firewall versions 21.0 GA (21.0.0) and older. The severity of the addressed vulnerability could allow the remote attacker to execute remote code and gain access to the affected versions. 1. Sophos firewall pre-auth SQL injection vulnerability (CVE-2024-12727): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Apache has released security updates to address two vulnerabilities affecting multiple versions of Apache Tomcat. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code, and gain access to the affected systems. The addressed vulnerabilities: 1. Apache Tomcat Code Execution Vulnerability (CVE-2024-50379): CVSS: 9.8 Attack Vector: Network

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary command/code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiWLM Remote Command/Code Execution Vulnerability (CVE-2023- 34990): CVSS: 9.6 Attack Vector: Network Attack Complexity:

 Apple has released security updates to address multiple vulnerabilities across macOS Ventura, macOS Sequoia, macOS Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial of services attacks, elevate privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities:

 Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (72) vulnerabilities, with (1) classified as critical as they could allow the attacker to conduct spoofing attacks, gain elevated privileges, perform denial of service attacks, obtain sensitive information, or execute arbitrary code

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to manipulate data, bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti CSA Administrative Access Vulnerability (CVE-2024-11639): CVSS:

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS for JAVA, SAP Web Dispatcher, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server (ABAP), SAP HCM, SAP Product Lifecycle Costing, SAP NetWeaver Administrator

 Veeam has released security updates to fix several vulnerabilities affecting multiple Veeam products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, conduct DLL injection attacks, obtain sensitive information, manipulate data or execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1.

Palo Alto has released security updatesto fix multiple vulnerabilities affecting Palo Alto PAN-OS. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct SSRF attacks, obtain sensitive information, bypass security restrictions or gain access to the affected system. Sample of the addressed vulnerabilities: 1. PAN-OS Authentication Bypass in

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (91) vulnerabilities, with (4) classified as critical as they could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected products by persuading the victim

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of services attacks, bypass security restrictions, conduct cross-site scripting attacks, obtain sensitive information, manipulate data, execute arbitrary codes/SQL commands, and gain access to the affected system. Sample of the addressed vulnerabilities: Cisco

Aruba has released security updates to fix multiple vulnerabilities affecting Aruba Access Points running Instant AOS-8 and AOS 10. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands and gain access to the affected product by sending a specially crafted request via UDP port 8211. Sample of the addressed vulnerabilities: HPE Aruba

Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site request forgery attacks, perform cross-site scripting attacks, obtain sensitive information, perform SQL injection attacks, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform denial of services attacks, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. FG-IR-24-423 Missing Authentication in Fgfmsd Vulnerability