A daily updated summary of security advisories from authoritative sources worldwide. Stay ahead of emerging threats with aggregated intelligence from government CERTs and security research organizations.
Our security experts can help you assess, prioritize, and remediate vulnerabilities before they become incidents. Get proactive protection for your organization.
Showing 110 advisories
A vulnerability marked as critical has been reported in mohammed_kaludi AMP for WP Plugin up to 1.1.12. Affected is the function ampforwp_save_local_font of the component ZIP file Handler. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2026-6101. It is
A vulnerability labeled as problematic has been found in SUSE Rancher up to 0.12.14/0.13.10/0.14.5/0.15.1. This impacts an unknown function of the file fleet.yaml of the component Fleet. The manipulation of the argument namespaceLabels results in information disclosure. This vulnerability was named
A vulnerability identified as problematic has been detected in Dell PowerProtect Data Domain. This affects an unknown function. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-53479. The attack is possible to be carried out remotely. No exploit exis
A vulnerability categorized as critical has been discovered in Dell PowerProtect Data Domain. The impacted element is an unknown function. Executing a manipulation can lead to improper authentication. This vulnerability is handled as CVE-2026-53483. The attack can be executed remotely. There is not
A vulnerability was found in zephyrproject Zephyr up to 4.4.x. It has been rated as problematic. The affected element is the function dhara_nand_read of the file drivers/disk/ftl_dhara.c of the component Dhara Flash Translation Layer Disk Driver. Performing a manipulation results in null pointer der
A vulnerability was found in Dell PowerProtect Data Domain up to 8.7. It has been declared as critical. Impacted is an unknown function. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-53481. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in HAVELSAN Liman MYS up to release.master.1106. It has been classified as problematic. This issue affects some unknown processing. This manipulation causes privilege escalation. This vulnerability appears as CVE-2026-11348. The attacker needs to be present on the local net
A vulnerability was found in HAVELSAN Liman MYS up to release.master.1106 and classified as very critical. This vulnerability affects unknown code. The manipulation results in injection. This vulnerability is reported as CVE-2026-13696. The attack can be launched remotely. No exploit exists.
A vulnerability has been found in Module::Load up to 0.21 and classified as problematic. This affects the function Load of the component Module Loader. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2011-10043. The attack requires being on the local network.
A vulnerability, which was classified as very critical, was found in HAVELSAN Liman MYS up to release.master.1106. Affected by this issue is some unknown functionality. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-11340. It is possible to l
A vulnerability, which was classified as problematic, has been found in Apache Airflow up to 3.2.x. Affected by this vulnerability is an unknown functionality of the component REST API. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-49487. It
A vulnerability classified as problematic was found in arcinfo PcVue up to 16.x. Affected is an unknown function. Such manipulation leads to inadequate encryption strength. This vulnerability is listed as CVE-2026-14868. The attack must be carried out locally. There is no available exploit.
A vulnerability classified as problematic has been found in arcinfo PcVue up to 16.x. This impacts an unknown function. This manipulation causes insufficiently protected credentials. This vulnerability is tracked as CVE-2026-14867. The attack is restricted to local execution. No exploit exists.
A vulnerability described as problematic has been identified in Red Hat Enterprise Linux. This affects an unknown function of the component SSSD. The manipulation results in injection. This vulnerability is identified as CVE-2026-14474. The attack can be executed remotely. There is not any exploit a
A vulnerability marked as problematic has been reported in Red Hat Enterprise Linux. The impacted element is the function ad_gpo_extract_smb_components of the component SSSD. The manipulation of the argument gPCFileSysPath leads to path traversal. This vulnerability is referenced as CVE-2026-14476.
A vulnerability labeled as problematic has been found in Apache Airflow up to 3.2.x. The affected element is an unknown function of the component Config API. Executing a manipulation can lead to missing encryption of sensitive data. The identification of this vulnerability is CVE-2026-48892. The att
A vulnerability identified as problematic has been detected in Apache Airflow up to 3.2.x. Impacted is an unknown function of the component Bulk Variables API. Performing a manipulation results in missing encryption of sensitive data. This vulnerability was named CVE-2026-48828. The attack may be in
A vulnerability categorized as problematic has been discovered in Apache Airflow up to 3.2.x. This issue affects some unknown processing of the file api/v2/dagSources of the component DAG Source Handler. Such manipulation leads to improper access controls. This vulnerability is uniquely identified a
A vulnerability was found in Apache Airflow up to 3.2.x. It has been rated as critical. This vulnerability affects the function BaseSerialization.deserialize of the component Trigger Handler. This manipulation causes deserialization. This vulnerability is handled as CVE-2026-33264. The attack can be
A vulnerability was found in GIMP. It has been declared as critical. This affects the function read_RLE_channel of the component PSD Parser. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-58384. It is possible to launch the attack remotely. No exploit is availa
Serial number: AV26-661Date: July 6, 2026 On July 6, 2026, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. July 2026 Security Bulletin
Serial number: AV26-660Date: July 6, 2026 On June 21, 2026, BeyondTrust published a security advisory to address vulnerabilities in the following products: Remote Support – version 25.3.2 and prior Privileged Remote Access – version 25.3.2 and prior The Cyber Centre encourages users and administrato
Serial number: AV26-659Date: July 6, 2026 On July 2, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 150.0.4078.48 The Cyber Centre encourages users and administrators to review the provided web link a
Serial number: AV26-658Date: July 6, 2026 On July 6, 2026, OpenSSH published a security advisory to address vulnerabilities in the following product: OpenSSH – versions prior to 10.4 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates
Serial number: AV26-657Date: July 6, 2026 On July 5, 2026, Roundcube published security advisories to address vulnerabilities in the following product: Roundcube Webmail – versions prior to 1.6.17 Roundcube Webmail – versions prior to 1.7.2 The Cyber Centre encourages users and administrators to rev
Serial number: AV26-656Date: July 6, 2026 Between June 29 and July 5, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Automation Assets in IBM Cloud Pak for Integration (CP4I) – multiple versions HMC V10.3.105
Serial number: AV26–655Date: July 6, 2026 Between June 29 and July 5, 2026, CISA published ICS advisories to address vulnerabilities in the following products: CubeSpace CW0057 Reaction Wheel – CW0057 Reaction Wheel Delta Electronics DVP12SE PLC – all versions Frangoteam FUXA SCADA/HMI – versions 1.
Serial number: AV26-654Date: July 6, 2026 Between June 29 and July 5, 2026, Dell published security advisories to address vulnerabilities in multiple products: Dell Cyber Recovery – versions prior to 20.1.0.0 Dell Data Protection Advisor – versions 19.9 to 19.12 SP2 Dell Networker – versions prior t
Serial number: AV26-653Date: July 6, 2026 Between June 29 and July 5, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 14.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 25.10 Ubuntu 26.04 LTS The Cyber C
Serial number: AV26-652Date: July 6, 2026 Between June 29 and July 5, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products: Red Hat CodeReady Linux Builder – multip
Serial number: AV26-651Date: July 3, 2026 On July 2, 2026, Erlang published security advisories to address vulnerabilities in the following products: OTP – versions prior to 27.3.4.14, 28.5.0.3 and 29.0.3 SSL (OTP) – versions prior to 11.7.3, 11.6.0.3 and 11.2.12.10 The Cyber Centre encourages users
Serial number: AV26-650Date: July 3, 2026 On June 30, 2026, GitHub published security advisories to address vulnerabilities in the following products: GitHub Enterprise Server – versions 3.21.x prior to 3.21.2 GitHub Enterprise Server – versions 3.20.x prior to 3.20.4 GitHub Enterprise Server – vers
Serial number: AV26-649Date: July 3, 2026 On July 2, 2026, WatchGuard published security advisories to address vulnerabilities in the following products: Fireware OS 2025.1 – version 2026.2 and prior Fireware OS 11.x - version 11.12.4_Update1 and prior Fireware OS 12.0 – version 12.12 and prior Fire
Serial number: AV26–647Date: July 2, 2026Updated: July 2, 2026 On June 30, 2026, Adobe published security advisories to address critical vulnerabilities in the following products: Adobe ColdFusion 2025 – Update 9 and prior Adobe ColdFusion 2023 – Update 20 and prior Adobe Campaign Classic – version
Number: AL26-016Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. T
Serial number: AV26-552Date: June 5, 2026Updated: July 2, 2026 Between June 2 and 4, 2026, Progress published security advisories to address vulnerabilities in the following products. Included was a critical update for the following: Sitefinity CMS and Sitefinity Insight – multiple versions Progress
Serial number: AV26-648Date: July 2, 2026 On June 30, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 150.0.7871.46/47 (Windows/Mac), and 150.0.7871.46 (Linux) The Cyber Centre encourages users and
Serial number: AV26-646Date: July 2, 2026 On July 1, 2026, Cisco published security advisories to address vulnerabilities in the following: Cisco Catalyst Center Release 2.3.7 – versions prior to 2.3.7.11-VA GSMU100 Cisco Catalyst Center Release 3.1 - versions prior to 3.1.6 GSMU200 Secure Endpoint
Number: AL26-015Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. T
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel CVSS Vendor Equipment Vulnerabilities v3 6.1 CubeSpace CubeSpace
View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-5447
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals <=4.5.
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un déni de service.
Une vulnérabilité a été découverte dans CPython. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans ClamAV. Elles permettent à un attaquant de provoquer un déni de service et un problème de sécurité non spécifié par l'éditeur.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber a
Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
De multiples vulnérabilités ont été découvertes dans les produits Citrix. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans Adobe ColdFusion. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Serial number: AV26-645Date: June 30, 2026Updated: July 2, 2026 On June 30, 2026, Citrix published a security advisory to address critical vulnerabilities in the following products: NetScaler ADC and NetScaler Gateway - versions 14.1 before 14.1-72.61 NetScaler ADC and NetScaler Gateway - versions 1
View CSAF Summary Successful exploitation of these vulnerabilities can allow an attacker to cause unauthorized access and exposure of sensitive information when the unauthenticated attacker accesses credentials stored within firmware or system files. The following versions of Schneider Electric Easy
View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK <=3.7.0 (CVE-2026-50003, C
View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impactin
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipme
View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions o
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) C
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans Synology MailPlus Server. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant r
Ce bulletin d'actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l'analyse de l'ensemble des avis et alertes publiés par le CERT-FR dans le cadre d'une analyse de risques pour prioriser l'application des...
Une vulnérabilité a été découverte dans HAProxy. Elle permet à un attaquant de provoquer un déni de service à distance.
De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans KeyCloak. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
CISA and the Federal Bureau of Investigation (FBI) issued an updated Public Service Announcement (PSA) warning of Russian Intelligence Services (RIS) cyber threat actors targeting commercial messaging applications in ongoing phishing campaigns. This PSA is an update to the March 2026 Russian Intelli
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
View CSAF Summary Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system. The following versions of Daktronics Controller Firmware are affected: VFC-DMP-5000 <v8.117.x.x VFC-DMP-5000 <v9.43.x.x VFC-DMP-50
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSR
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. The following versions of Delta Electronics DTM Soft are affected: DTMSoft vers:all/* CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DTM Soft Deseriali
View CSAF Summary Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. The following versions of OHIF Viewers DICOM are affected: OHIF DICOM Web Viewer Framework <=v3.12.0 CVSS Vendor Equ
View CSAF Summary Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.01|<=R10.04 Collaborative Information Server (CI Server) >=R1.01|<=R1.04 CVSS
View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. The following versions of pydicom pynetdicom Library are affected: pynetdicom >=v1.0.0|<v3.0.4 CVSS Vendor Equipment Vulnerabilities v3 9.1 pydicom pydicom pynetd
On 9 June 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their Sentry products[1]. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device.
On 12 May 2026, Microsoft published a security advisory addressing a critical vulnerability affecting Windows Server when acting as a domain controller. This vulnerability allows an unauthenticated attacker to execute arbitrary code over a network. According to The Centre for Cybersecurity Belgium (
On 6 May 2026, Palo Alto published a security advisory addressing a critical vulnerability affecting PAN-OS. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges. Palo Alto observed limited exploitation of this vulnerability. It is strongly recommended
On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed. The vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has bee
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthentica
On 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations. At the time of writing, there is no publ
On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems. It is
On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities have been exploited in a limited numbe
On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products. It is recommended to follow Cisco's recommendations to check whether vulnerable appliances have been compromised, and to remedia
On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests. It is recommended to update all affec