Announcements

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP Supplier Relationship Management, SAP Business Objects Business Intelligence Platform, SAP PDCE, SAP Service Parts Management (SPM), and SAP Landscape Transformation. The attacker could exploit […]

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products, such as SAP NetWeaver, SAP Supplier Relationship Management, SAP Business Objects Business Intelligence Platform, SAP PDCE, SAP Service Parts Management (SPM), and SAP Landscape Transformation. The attacker could exploit

Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, upload arbitrary files, conduct cross-site request forgery (CSRF) attacks, read and modify the outgoing proxy configuration settings, perform cross-site scripting attacks, bypass security restrictions, conduct command injection attacks, escalate

Elasticsearch has released a security update to a fix critical vulnerability affecting Kibana versions from 8.3.0 to 8.17.5, 8.18.0, and 9.0.0. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected product by uploading a crafted HTTP request. Kibana Code Execution Vulnerability via Prototype Pollution (CVE-2025-25014): CVSS:

Mozilla has released an updated Firefox version 138, Firefox ESR versions 128.10, and 115.23 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Improper Process

SAP has released security updates to address several vulnerabilities affecting SAP NetWeaver, SAP S/4 HANA, and SAP Field Logistics. The addressed vulnerabilities could allow the attacker to perform cross-site request forgery attacks, manipulate data, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Missing Authorization Check in

Oracle released its critical patch updates for April 2025, containing (378) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, conducting denial of service attacks, performing data manipulation (update, insert, or delete access), or executing

Adobe has released security updates to fix several vulnerabilities across multiple Adobe products. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, bypass security restrictions, gain elevated privileges, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Deserialization of Untrusted Data (CWE-502) Vulnerability (CVE-2025-24447):

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, bypass security restrictions, or execute arbitrary code, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. FortiSwitch Unverified Password Change Escalation of

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a critical patch that fixes several vulnerabilities affecting multiple SAP products such as SAP S/4HANA (Private Cloud), SAP Financial Consolidation, SAP BusinessObjects Business Intelligence platform (Central Management Console), and SAP Landscape Transformation (Analysis Platform). The attacker could exploit some

Ivanti has released security updates to address a critical vulnerability affecting multiple Ivanti products. The vulnerability could allow the remote unauthenticated attacker to execute arbitrary code through a stack-based buffer overflow and gain access to the affected product. Ivanti Connect Secure, Policy Secure, and ZTA Gateways Remote Code Execution Vulnerability (CVE-2025-22457): CVSS: 9 Attack Vector:

Apple has released security updates to address multiple vulnerabilities across macOS Sequoia, Sonoma, Ventura, and Safari. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Apple

Mozilla has released an updated Firefox version 137, Firefox ESR versions 128.9, and 115.2 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct exploitable crashes, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities:  1. Mozilla Firefox Sandbox Escape Vulnerability (CVE-2025-2857):

Veeam has released a security update to fix a critical vulnerability across Veeam Backup & Replication systems. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system. Veeam Backup Arbitrary Code Execution Vulnerability (CVE-2025-23120): CVSS: 9.9 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User

Elasticsearch has released a security update to a fix critical vulnerability affecting Kibana versions from 8.15.0 to 8.17.3. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access by uploading a crafted HTTP request. Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2025-25015): CVSS: 9.9 Attack Vector: Network Attack Complexity: Low Privileges

Mozilla has released an updated Firefox version 136, Firefox ESR versions 128.8, and 115.21 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct exploitable crashes, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Exploitable out-of-bounds Access Vulnerability

VMware has released a security update to fix several vulnerabilities across VMware ESXi, Workstation, and Fusion. The addressed vulnerabilities could allow the attacker to obtain sensitive information, escalate privileges, or execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. VMware ESXi, and Workstation Heap-Overflow Vulnerability (CVE-2025- 22224): CVSS:

Ivanti has released security updates to fix several critical vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: Ivanti Connect Secure (ICS) Code Execution Vulnerability

Adobe has released security updates to fix several vulnerabilities across multiple Adobe Commerce products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site scripting attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems Sample of the addressed vulnerabilities: 1. Adobe Commerce Improper Authorization (CWE-285) (CVE-2025-24434):

Juniper has released security updatesto fix a critical vulnerability affectingmultiple Juniper Networks products. The addressed vulnerability could allow the remote attacker to bypass authentication and take administrative control of the affected systems. Juniper Networks API Authentication Bypass Vulnerability (CVE-2025-21589): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Consequences: Gain