Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Tuesday 15 July 2025


Oracle

Patch

According to the pre-release, Oracle's Quarterly Critical Patch Update contains 305 new security patches, 145 of which are remotely exploitable without authentication. Highest CVSSv3 score of 9.8
Patches are expected out this afternoon.
More info.


SCATI

Patch

A high-severity vulnerability affecting SCATI Vision Web allows an attacker to exfiltrate some data from the database. CVSSv4 score of 8.3
More info.


Unisoc

Patch

Unisoc has published security patches with 3 vulnerabilities, 1 rated Critical, 1 rated High, 1 rated Medium. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


Monday 14 July 2025


KUNBUS

Patch

The RevPi Webstatus application is vulnerable to an authentication bypass. CVSSv3 score of 9.8
More info. And here.


Omron

Patch

A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software, allowing a remote attacker to perform unauthorized access and to execute unauthorized code remotely to the controller products. CVSSv3 score of 7.0
More info.


IBM

Patch

IBM has published Critical bulletins for Hardware Management Console, Cloud Pak System Software, Tivoli Netcool Configuration Manager, Rational DOORS, Netezza Analytics, and Business Monitor.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


Friday 11 July 2025


Apache

Patch

Apache has published security updates for HTTP Server and Tomcat.  HTTP Server has Moderate and Low vulnerabilities. Tomcat has Important and Low vulnerabilities.
More info. And here. And here.


GnuTLS

Patch

GnuTLS has published an update that fixes 5 vulnerabilities, 3 rated Medium and 2 rated Low.
More info.


Alcatel Lucent

Patch

ALE has released an update for OmniAccess Stellar WLAN Access Points to address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Broadcom

Patch

Broadcom has published three new bulletins for VMware Tanzu Data Services and Data Suite, 1 rated Critical and 2 rated High. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

Dell has published a Critical bulletin for UCC Edge.
More info.


Watchguard

Patch

Watchguard has published 6 new bulletins, 2 rated High and 4 rated Medium.  Highest CVSSv3 score of 8.9
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Amazon Linux 2 and 2023 have updated the kernel. More info. And here.
AlmaLinux has updated the kernel. More info.


Thursday 10 July 2025


Emerson

Patch

Emerson ValveLink Products contain multiple vulnerabilities including Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, and Improper Input Validation. Highest CVSSv4 score of 9.3
More info.


Ruckus Wireless

New

Multiple vulnerabilities have been identified in Ruckus Virtual SmartZone and Network Director including authentication bypass, hardcoded secrets, and unauthenticated remote code execution. Highest CVSSv3 score of 9.8
No responses from vendor.
More info.


Zoom

Patch

Zoom has published 6 new bulletins, 3 of which identify vulnerabilities exploitable by remote attackers.  Highest CVSSv3 score of 7.4
More info.


Broadcom

Patch

Broadcom has published 13 new bulletins for Brocade SANNav, 6 rated Medium and 7 rated Low.
More info.

Broadcom has published new bulletins for VMware Tanzu Greenplum and GemFire.  Highest CVSSv3 score of 9.8
More info.


IBM

Patch

IBM has published Critical bulletins for Analytics Content Hub, Cloud Pak for Applications, Enterprise Application Runtimes, WebSphere Hybrid Edition, Db2, watsonx, Verify Identity Access, and Tivoli Composite Application Manager.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


Wednesday 09 July 2025


Microsoft

Patch

Microsoft Monthly Patches include 130 fixed vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. Fourteen are rated Critical, 1 was publicly disclosed. Highest CVSSv3 score of 9.8
More info. And here. And here.


Palo Alto Networks

Patch

Monthly Patches for Palo Alto Networks include 5 bulletins, with updates for GlobalProtect App, Autonomous Digital Experience Manager, and Prisma Access browser, along with third-party software updates. Highest CVSSv3 score of 8.6
More info.


Fortinet

Patch

Fortinet has published 8 new bulletins in their Monthly Patches, with updates for FortiOS, FortiProxy, FortiSandbox, FortiIsolator, FortiVoice, FortiManager and FortiAnalyzer.  Highest CVSSv3 score of 9.6
More info.


Adobe

Patch

Adobe Monthly Patches include updates for After Effects, Substance 3D Viewer, Audition, InCopy, InDesign, Connect, Dimension, Substance 3D Stager, Illustrator, FrameMaker, AEM Forms, AEM Screens, and ColdFusion. Highest CVSSv3 score of 9.8
More info.


Juniper Networks

Patch

Monthly Patches for Juniper include 28 new bulletins for JunOS, JunOS Evolved, and Security Director. Highest CVSSv4 score of 9.1
More info.


HPE

Patch

HPE Aruba Instant-On Access Points contain Access Restriction Bypass and Arbitrary Code Execution vulnerabilities.  Highest CVSSv3 score of 9.8
More info.

HPE SANnav Management Portal and Fabric OS contain multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.


Tuesday 08 July 2025


MediaTek

Patch

MediaTek Monthly Patches include 16 fixed vulnerabilities, 7 rated High and 9 rated Medium.
More info.


Samsung

Patch

Samsung Android Monthly Patches include Samsung Semiconductor and 17 Samsung-specific SVEs.
More info.


Siemens

Patch

Monthly Patches from Siemens include 9 new bulletins and 17 updated bulletins.  Of the new bulletins, highest CVSSv4 score of 9.3
More info.

Siemens SINEC NMS is affected by multiple vulnerabilities which could allow an attacker to elevate privileges and execute arbitrary code. Highest CVSSv4 score of 9.3
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches include 4 new bulletins and 6 updated bulletins. Of the new bulletins, highest CVSSv4 score of 9.5
More info.


SAP

Patch

Monthly Patches for SAP include 27 new Security Notes and 4 updated. Highest CVSSv3 score of 9.9
More info.


Splunk

Patch

Splunk has published 12 security bulletins, 4 for Splunk and 8 for third-party software included in Splunk. Two are rated Critical, 1 rated High, 7 rated Medium, and 2 rated Low.
More info.


Phoenix Contact

Patch

Phoenix Contact has published 4 bulletins for vulnerabilities in CHARX SEC-3xxx charging controllers and PLCnext Firmware. Highest CVSSv3 score of 9.8
More info.


WAGO

Patch

WAGO Device Sphere has been updated to fix a vulnerability in which identical certificates, intended for JWT token encryption and signing, are installed across all systems instead of unique ones. A remote attacker may use default certificates to generate JWT tokens and gain full access to the tool and all connected devices. CVSSv3 score of 10.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel-rt. More info.
Oracle Linux has updated the kernel. More info.


Monday 07 July 2025


Qualcomm

Patch

Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1
More info.


Samsung Semiconductor

Patch

Samsung Semiconductor Monthly Patches include 2 vulnerabilities, 1 rated High and the other rated Medium.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.3
More info.


IBM

Patch

IBM has published a Critical bulletin for Rational DOORS.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.