Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
Tuesday 15 July 2025
Oracle

Patch
According to the pre-release, Oracle's Quarterly Critical Patch Update contains 305 new security patches, 145 of them for vulnerabilities that are remotely exploitable without authentication. Highest CVSSv3 score of 9.8
Patches are expected out this afternoon.
More info.
SCATI

Patch
A high severity vulnerability affecting SCATI Vision Web allows an attacker to exfiltrate some data from the database. CVSSv4 score of 8.3
More info.
Unisoc

Patch
Unisoc has published security patches with 3 vulnerabilities, 1 rated Critical, 1 rated High, 1 rated Medium. Highest CVSSv3 score of 9.8
More info.
Monday 14 July 2025
KUNBUS

Patch
Omron

Patch
A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software, allowing a remote attacker to perform unauthorized access and to execute unauthorized code remotely to the controller products. CVSSv3 score of 7.0
More info.
IBM

Patch
IBM has published Critical bulletins for Hardware Management Console, Cloud Pak System Software, Tivoli Netcool Configuration Manager, Rational DOORS, Netezza Analytics, and Business Monitor.
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
More info.
Linux

Patch
Red Hat has updated the kernel. More info.
Friday 11 July 2025
Apache

Patch
GnuTLS

Patch
GnuTLS has published an update that fixes 5 vulnerabilities, 3 rated Medium and 2 rated Low.
More info.
Alcatel Lucent

Patch
ALE has released an update for OmniAccess Stellar WLAN Access Points to address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Broadcom

Patch
Broadcom has published three new bulletins for VMware Tanzu Data Services and Data Suite, 1 rated Critical and 2 rated High. Highest CVSSv3 score of 9.8
More info.
Dell

Patch
Dell has published a Critical bulletin for UCC Edge.
More info.
Watchguard

Patch
Watchguard has published 6 new bulletins, 2 rated High and 4 rated Medium. Highest CVSSv3 score of 8.9
More info.
Linux

Patch
Thursday 10 July 2025
Emerson

Patch
Emerson ValveLink Products contains multiple vulnerabilities including Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, and Improper Input Validation. Highest CVSSv4 score of 9.3
More info.
Ruckus Wireless

New
Multiple vulnerabilities have been identified in Ruckus Virtual SmartZone and Network Director including authentication bypass, hardcoded secrets, and unauthenticated remote code execution. Highest CVSSv3 score of 9.8
No responses from vendor.
More info.
Zoom

Patch
Zoom has published 6 new bulletins, 3 of which identify vulnerabilities exploitable by remote attackers. Highest CVSSv3 score of 7.4
More info.
Broadcom

Patch
IBM

Patch
IBM has published Critical bulletins for Analytics Content Hub, Cloud Pak for Applications, Enterprise Application Runtimes, WebSphere Hybrid Edition, Db2, watsonx, Verify Identity Access, and Tivoli Composite Application Manager.
More info.
Linux

Patch
Wednesday 09 July 2025
Microsoft

Patch
Palo Alto Networks

Patch
Monthly Patches for Palo Alto Networks includes 5 bulletins, with updates for GlobalProtect App, Autonomous Digital Experience Manager, and Prisma Access browser, along with third-party software updates. Highest CVSSv3 score of 8.6
More info.
Fortinet

Patch
Fortinet has published 8 new bulletins in their Monthly Patches, with updates for FortiOS, FortiProxy, FortiSandbox, FortiIsolator, FortiVoice, FortiManager and FortiAnalyzer. Highest CVSSv3 score of 9.6
More info.
Adobe

Patch
Adobe Monthly Patches include updates for After Effects, Substance 3D Viewer, Audition, InCopy, InDesign, Connect, Dimension, Substance 3D Stager, Illustrator, FrameMaker, AEM Forms, AEM Screens, and ColdFusion. Highest CVSSv3 score of 9.8
More info.
Juniper Networks

Patch
Monthly Patches for Juniper include 28 new bulletins for JunOS, JunOS Evolved, and Security Director. Highest CVSSv4 score of 9.1
More info.
HPE

Patch
Linux

Patch
Tuesday 08 July 2025
MediaTek

Patch
MediaTek Monthly Patches include 16 fixed vulnerabilities, 7 rated High and 9 rated Medium.
More info.
Samsung

Patch
Samsung Android Monthly Patches include Samsung Semiconductor and 17 Samsung-specific SVEs.
More info.
Siemens

Patch
Monthly Patches from Siemens include 9 new bulletins and 17 updated bulletins. Of the new bulletins, highest CVSSv4 score of 9.3
More info.
Siemens SINEC NMS is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and execute arbitrary code. Highest CVSSv4 score of 9.3
More info.
Schneider Electric

Patch
Schneider Electric Monthly Patches include 4 new bulletins and 6 updated bulletins. Of the new bulletins, highest CVSSv4 score of 9.5
More info.
SAP

Patch
Monthly Patches for SAP include 27 new Security Notes and 4 updated. Highest CVSSv3 score of 9.9
More info.
Splunk

Patch
Splunk has published 12 security bulletins, 4 for Splunk and 8 for third-party software included in Splunk. Two are rated Critical, 1 rated High, 7 rated Medium, and 2 rated Low.
More info.
Phoenix Contact

Patch
Phoenix Contact has published 4 bulletins for vulnerabilities in CHARX SEC-3xxx charging controllers and PLCnext Firmware. Highest CVSSv3 score of 9.8
More info.
WAGO

Patch
WAGO Device Sphere has been updated to fix a vulnerability in which identical certificates, intended for JWT token encryption and signing, are installed across all systems instead of unique ones. A remote attacker may use default certificates to generate JWT tokens and gain full access to the tool and all connected devices. CVSSv3 score of 10.
More info.
Linux

Patch
Monday 07 July 2025
Qualcomm

Patch
Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1
More info.
Samsung Semiconductor

Patch
Samsung Semiconductor Monthly Patches include 2 vulnerabilities, 1 rated High and the other rated Medium.
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.3
More info.
IBM

Patch
IBM has published a Critical bulletin for Rational DOORS.
More info.
Linux

Patch
Red Hat has updated the kernel. More info.
PRODUCT

GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT

INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT

HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT

CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Patch
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.

Exploit
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.

ZERO
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.