Stay One Step Ahead
Stay informed about cyber security threats and expert guidance
20 January 2025
Critical
Critical Vulnerability in F5 Traffix SDC
A critical vulnerability has been discovered in F5 Traffix SDC, linked to Apache Tomcat, which could allow attackers to gain unauthorized access to compromised systems.
Protecting
Corporations, Government
17 January 2025
High
NVIDIA has released security updates to address multiple vulnerabilities in the NVIDIA Container Toolkit and NVIDIA GPU Operator.
Protecting
Corporations, Government
16 January 2025
Critical
Critical Vulnerability in FortiSwitch Devices
A critical vulnerability (CVE-2023-37936) has been discovered in multiple versions of Fortinet FortiSwitch devices. This vulnerability, classified as a use of hard-coded cryptographic key [CWE-321], allows a remote unauthenticated attacker in possession of the key to execute unauthorized code via a crafted cryptographic request.
Protecting
Corporations, Government
15 January 2025
Critical
Critical Vulnerabilities in Ivanti Products
Ivanti has released security updates to address multiple vulnerabilities, including critical and high-severity issues in Ivanti Endpoint Manager (EPM), Ivanti Avalanche and Ivanti Application Control Engine.
Protecting
Corporations, Government
15 January 2025
Critical
Critical Vulnerability in FortiOS and FortiProxy
Fortinet has identified a severe vulnerability in FortiOS and FortiProxy that allows unauthenticated remote attackers to bypass authentication mechanisms and gain “super-admin” privileges.
Protecting
Corporations, Government
15 January 2025
Critical
Adobe has released important security updates to fix several vulnerabilities in its products. If these issues are exploited by attackers, they could allow harmful code to run on your system, potentially compromising it.
Protecting
Corporations, Government, Individuals & Families
14 January 2025
Critical
SAP released 14 new Security Notes as part of its monthly Security Patch Day. These patches address critical vulnerabilities in various SAP products and components, improving the overall security posture of SAP environments. The vulnerabilities covered in this update could potentially allow attackers to exploit security weaknesses, leading to unauthorized access, data breaches, or system disruptions.
Protecting
Corporations, Government
14 January 2025
High
Security Updates – Juniper Junos OS
Juniper Networks has recently disclosed two high-severity vulnerabilities in their Junos OS and Junos OS Evolved systems: CVE-2025-21598 and CVE-2025-21599. These vulnerabilities are critical because they can be exploited by unauthenticated attackers, posing a significant risk of Denial of Service (DoS) attacks and network-wide disruptions. Both vulnerabilities have been assigned a CVSSv3 score of 7.5, indicating high severity.
Protecting
Corporations, Government
13 January 2025
Critical
Actively Exploited Command Injection Vulnerability in BeyondTrust Software
A critical command injection vulnerability, identified as CVE-2024-12686, has been discovered in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software. This vulnerability is actively being exploited in ongoing attacks. It allows attackers with administrative privileges to inject malicious operating system commands, which could lead to a complete system compromise.
Protecting
Corporations, Government
13 January 2025
Critical
Critical Vulnerability in NETGEAR Routers
A critical security flaw has been found in NETGEAR routers, and it is being actively exploited by hackers. This vulnerability allows attackers to gain unauthorized access to the router and run harmful code, potentially taking control of the device.
Protecting
Corporations, Government, Individuals & Families
13 January 2025
Critical
Critical Vulnerability in Samsung Devices
A serious security issue (CVE-2024-49415) has been found in Samsung smartphones, which could let hackers take control of the device without any action from the user. This problem affects phones running Android 12, 13, and 14. Samsung has fixed the issue in their December 2024 security update.
Protecting
Corporations, Government, Individuals & Families
13 January 2025
Mild
Security Updates - VMware Aria Automation
VMware has released security updates to address a server-side request forgery (SSRF) vulnerability in VMware Aria Automation.
Protecting
Corporations, Government
09 January 2025
High
Command Injection Vulnerabilities in HPE Aruba
HPE Aruba Networking has published a security advisory addressing command injection vulnerabilities in the 501 Wireless Client Bridge. These flaws could allow authenticated attackers to execute arbitrary commands with privileged access on affected devices. A proof-of-concept exploit has been publicly released, increasing the urgency for patching.
Protecting
Corporations, Government
09 January 2025
Critical
Critical Zero-Day Vulnerability in Ivanti Connect Secure
Ivanti has disclosed two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282, a critical stack-based buffer overflow vulnerability with a CVSS score of 9.0, is being actively exploited in the wild as a zero-day.
Protecting
Corporations, Government
09 January 2025
Critical
Security Updates - GitLab Community Edition (CE) and Enterprise Edition (EE)
GitLab has released critical security patches to address multiple vulnerabilities affecting both its Community Edition (CE) and Enterprise Edition (EE).
Protecting
Corporations, Government