A relative path traversal vulnerability in FortiWeb may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVSSv3 9.1
More Info....

Sony NCP-HG100/WLAN. A remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.
CVSSv4 8.6 
More Info....

Any Crestron devices using Android 13 or higher. CVE-2025-48593 is a critical vulnerability. Exploiting this flaw allows an attacker to execute arbitrary code remotely. Successful exploitation can lead to full compromise of the affected device. CVSSv3 - 9.8
More info....

Multiple vulnerabilities; AIX, IBM Business Automation Workflow, IBM Diamondback Tape Library, IBM TS4500, IBM TS7700 Virtual Tape Library, IBM Application Gateway. 
More Info....

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system.
CVSSv4 - 9.3
More Info....

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. 
CVSSv3 - 8.8
More Info....

Operational Technology ICS – Multiple Vulnerabilities 6 rated High. 
More Info....

Stack-based buffer overflow in Linksys E1200 v2 httpd allows remote code execution via crafted HTTP requests.
More Info....

Azure SDK for Java may allow privilege escalation under certain conditions. CVSSv3 9.1 
More Info....

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command vulnerability. CVSSv3 - 8.8
More info....

Improper neutralization of special elements used in a command in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. CVSSv3 - 8.8 
More Info....

With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. 
More Info....

CISA Report Actively Exploited – 17 Sep 2025  WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
More Info....

Multiple Vulnerabilities
More Info....

Monthly patches. This month’s release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. 
More Info....

Synology BeeStation OS allows remote attackers to execute arbitrary code. CVSSv3 - 9.8
More info....

Multiple vulnerabilities in JP1 and Cosminexus. 
More Info....

Docker Compose trusts the path information embedded in remote OCI compose artifacts. 
CVSSv3 - 9.6 
More Info....

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering. CVSSv3 - 8.8
More Info....

Command blacklist bypass in Execute Program action enabling execution of unauthorized commands.  CVSSv3 8.8 
More Info....

Monthly Patches - Multiple vulnerabilities including 3 high and 7 medium severity
More Info....

Monthly patches – 18 vulnerabilities including 3 critical.
More info....

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation.
CVSSv4 - 8.6
More Info....

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation
CVSSv4 - 8.6 
More Info....

Chinese Motorcycle vendor - An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles.
CVSSv3: 8.5
More Info....

Multiple vulnerabilities.
A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
CVSSv4 - 8.7
More info....

Multiple vulnerabilities including critical and high.
More Info....

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. 
CVSSv3 - 8.8 
More Info....

Multiple Vulnerabilities, including 5 Critical and 3 Important.
More Info....

EXPRESSCLUSTER X contains an OS command injection vulnerability (CVE-2025-11546). If an attacker sends specially crafted network packets to the product, arbitrary OS commands may be executed without authentication.
CVSSv3: 9.8
More Info....

Multiple NetApp products incorporate OpenSSH. are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
CVSSv3 - 9.8
More info....

ICS Successful exploitation of these vulnerabilities could result in a denial-of-service condition, remote code execution, or an attacker reading arbitrary files.
CVSSv4 - 8.7
More Info....

ICS Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. No response from Chinese manufacturer regarding patching. 
CVSSv4 - 7.1 
More Info....

The default configuration of WatchGuard Firebox devices allows administrative access via SSH on port 4118 
CVSSv4 - Not Yet
More Info....

Multiple vulnerabilities, including 2 ciritical. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. 
highest CVSSv3 9.1  More Info....

Cisco has published 4 new bulletins, 1 critical, 1 high and 2 medium. Multiple vulnerabilities in the Java Remote Method Invocation (RMI) process of Cisco Unified Contact Center Express (Unified CCX). CVSS3: 9.8 More Info....

Google Chrome. The Stable channel has been updated for Windows, Mac and Linux. Microsoft is aware.
More info....

Microsoft is aware of the recent Chromium security fixes. They are actively working on releasing a security fix. More Info....

Denial-of-Service (DoS) vulnerability exists in the TCP communication function on the MELSEC iQ-F Series CPU module. A remote attacker may be able to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) More Info....

Multiple vulnerabilities are addressed with IBM Business Automation Workflow containers. More Info....

Multiple vulnerabilities highest CVSSv3 10  More Info....

CVSS:3 10.0 / 8.7 - Microsoft has released the latest Microsoft Edge Android Stable Channel which incorporates the latest Security Updates of the Chromium project. More Info....

CVSS v4 9.3 - License Plate Recognition Camera. Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication.
More info....

CVSS v4 10.0 - Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic control and pilots.  More Info....

The LANTIME firmware version 7.10.004 includes security updates of several libraries and programs. More Info....

CVSSv4 10/8.9 - An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. More Info....

Dell NetWorker vProxy remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. More Info...

Monthly Patches for Android are out, with 2 vulnerabilities, 1 rated Critical and 1 rated High.
More info.

Monthly Patches for Samsung Android, along with Google patches and Samsung Semiconductor patches, provides 9 SVE items. 
More info.

Monthly Patches from Qualcomm include 13 vulnerability fixes, 12 rated High and 1 rated Medium. Highest CVSSv3 score of 8.8
More info.

Apple has published security bulletins for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, Safari, and Xcode.
More info.

Tenable Identity Exposure has been updated to fix vulnerabilities in third-party software included in their product. Highest CVSSv3 score of 9.9
More info.

There are 7 new bulletins for VMware Tanzu products, 2 rated Critical and 5 rated High.
More info.

Oracle Linux has updated the kernel. More info.

Microsoft has updated Edge to include the latest chromium fixes and 1 Edge-specific vulnerability. 
More info.

Monthly Patches for Samsung Semiconductor include 16 security fixes. 
More info.

MediaTek Monthly Patches include 25 security fixes, 10 rated High and 15 rated Medium. 
More info.

A RADIUS Vulnerability exists in Hitachi Energy AFS, AFR and AFF Series Products. CVSSv3 score of 9.0
More info.

Security vulnerabilities have been identified in HPE Private Cloud AI. Highest CVSSv3 score of 9.8
More info.

NetApp has published 13 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.6
More info.

Several WAGO firmwares installed on different devices are impacted by various CODESYS vulnerabilities. Highest CVSSv3 score of 7.5
More info.

IBM has published Critical bulletins for Business Automation Insights, Maximo Application Suite, and Guardium Data Security Center.
More info.

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
Rocky Linux 8 has updated the kernel. More info.

Chromium-based browsers are affected by a vulnerability in Blink that could cause a DoS. Edge, Brave, and others are affected as well. Firefox, Safari, and browsers on iOS are not affected.
No patches yet.
More info.

IBM has published Critical bulletins for DevOps Solution Workbench, Aspera, and CloudPak for AIOps.
More info.

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Splunk has published 4 bulletins identifying vulnerabilities in third-party products included in their products, 2 rated Critical and 2 rated High.
More info.

Broadcom has published 12 bulletins for VMware Tanzu, 9 rated Critical, 3 rated High.
More info.

Google has updated Chrome for Desktop to fix 20 security vulnerabilities.
More info.

ISC has updated kea to address a vulnerability in kea-dhcpv4, Invalid characters can cause an assert. CVSSv3 score of 7.5
More info.

Dell has published Critical bulletins for Secure Connect Gateway, Avamar, Networker, PowerProtect, IDPA, and Apex Cloud Platform.
More info.

IBM has published a Critical bulletin for Security QRadar SIEM.
More info.

Ubuntu has updated the microcode. More info.

Jenkins has published a security advisory that identifies 14 vulnerabilities, 3 rated High and 11 rated Medium.
More info.

Mozilla has published a security patch for Firefox that fixes a vulnerability rated High.
More info.

Pilz has published a security bulletin for PASvisu that fixes several vulnerabilities.
More info.

Softing has published a security bulletin for smartLink HW-PN and smartLink HW-DP that fixes a vulnerability allowing a webserver crash caused by scanning on TCP port 80. CVSSv4 score of 8.7
More info.

Dell has published Critical bulletins for CloudLink and Networking products.
More info.

IBM has published a Critical bulletin for EDB Postgres Advanced Server.
More info.

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.

HP has published a security update for HP ThinPro that fixes several vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Apache Tomcat has been updated to fix 3 security vulnerabilities, 1 rated Important and 2 rated Low.
More info.

 SICK has identified multiple vulnerabilities in the SICK TLOC100-100 product. Highest CVSSv3 score of 9.3
More info.

IQ Engine (HiveOS) is affected by a vulnerability in OpenSSH which could allow a remote attacker to perform a remote code execution.
More info.

IBM has published a Critical bulletin for Concert Software.
More info.

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.
AlmaLinux has updated the kernel and kernel-rt. More info.

Microsoft has updated a previously published vulnerability that had an incomplete fix to provide the complete fix. CVSSv3 score of 9.8
More info. And here. 

Philips has reported that PIC iX is vulnerable. More info.

A vulnerability related to processing Failure Request packets on the client was discovered in strongSwan that can result in a heap-based buffer overflow and potentially remote code execution.
More info.

IBM has published a Critical bulletin for OpenPages.
More info.

Red Hat has updated the kernel and kernel-rt. More info.