Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 13 June 2025


GitLab

Patch

The latest GitLab release includes 10 security fixes, 4 rated High, 5 rated Medium, 1 rated Low. Highest CVSSv4 score of 8.7
More info.


PTZOptics

Patch

PTZOptics and other Pan-Tilt-Zoom Camera providers contain several vulnerabilities including Hardcoded Credentials and Improper Authentication. CVSSv4 score of 9.3
PTZOptics has patched, but others have not.
More info.


Mitel

Patch

A path traversal vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab could allow a remote attacker to conduct a path traversal attack due to insufficient input validation. CVSSv3 score of 9.8
More info.


Ricoh

Patch

Several vulnerabilities have been reported in Ricoh software, including an RCE vulnerability in Ricoh Streamline NX PC client. Highest CVSSv3 score of 9.8
More info. And here.


Siemens

Patch

Mendix Studio Pro contains a vulnerability in the module installation process that could allow a remote attacker to write or modify arbitrary files in directories outside a developer’s project directory. CVSSv4 score of 6.1
More info.


XWiki

Patch

The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. It's possible to execute any SQL query. CVSSv4 score of 9.3
More info. And here.


Thursday 12 June 2025


Palo Alto Networks

Patch

Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High, 2 rated Medium, and 3 rated Low. Highest CVSSv3 score of 8.6
More info. And here.


Moxa

Patch

Moxa PT-G7728 and PT-G7828 series are affected by a high-severity vulnerability that could allow a remote attacker to cause a DoS. CVSSv4 score of 8.7
More info.


Meinberg

Patch

The LANTIME Firmware has been updated to fix security vulnerabilities in third-party software included.  Highest CVSSv3 score of 7.5
More info.


Mozilla

Patch

Mozilla has published security bulletins for Thunderbird and Firefox, rated High.
More info.


SinoTrack

Patch

SinoTrack Devices have two vulnerabilities, including Weak Authentication and Observable Response Discrepancy. Highest CVSSv4 score of 8.8
More info.


MicroDicom

Patch

DICOM Viewer contains an out-of-bounds write vulnerability. A remote attacker can exploit this to execute arbitrary code. CVSSv4 score of 8.6
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.
Rocky Linux has updated the kernel. More info. And here.


Wednesday 11 June 2025


Microsoft

Patch

Microsoft Monthly Patches include 67 vulnerabilities. 10 rated Critical, 1 actively exploited, and 1 publicly disclosed. Highest CVSSv3 score of 9.8
More info. And here.


Adobe

Patch

Monthly Patches from Adobe include updates for InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter. Highest CVSSv3 score of 9.1
More info.


Fortinet

Patch

Fortinet Monthly Patch day includes 14 bulletins, 13 new and 1 updated, with updates for FortiOS, FortiClient, FortiClientEMS, FortiPAM and FortiSRA GUI, FortiOS SSL-VPN, FortiPortal, FortiADC, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. Highest CVSSv3 score of 9.6
More info.


Google

Patch

Google has published their Monthly Patches for Pixel, with 16 security fixes, 2 rated Critical, 9 rated High, and 5 rated Moderate, plus Android updates.
More info.

Google has updated Chrome for Desktop to fix 2 security vulnerabilities, both rated High.
More info.

Microsoft is aware. More info.


GFI

Patch

GFI has updated Archiver to fix vulnerabilities reported by Tenable.  Highest CVSSv3 score of 9.8
More info. And here.


Trend Micro

Patch

Trend Micro has released a new Critical Patch for Trend Micro Apex Central that resolves two critical vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Tuesday 10 June 2025


Siemens

Patch

Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins, Highest CVSSv4 score of 9.5. Three of the new bulletins are remotely exploitable, in Elspec G5DVR, SIMATIC S7-1500, and RUGGEDCOM APE1808 products.
More info.


Schneider Electric

Patch

Monthly Patches for Schneider Electric include 3 new bulletins for Insight Home and Insight Facility, Modicon Controllers, and EVLink WallBox. Highest CVSSv4 score of 7.1
More info.


SAP

Patch

SAP Monthly Patch day includes 14 new Security Notes, 1 rated Critical, 5 rated High, 6 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.6
More info.


Bosch

Patch

A security vulnerability has been uncovered in Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software that allows a remote attacker to achieve RCE. CVSSv3 score of 10
More info.


Hitachi

Patch

JP1/IT Desktop Management 2 has been updated to fix a vulnerability in Apache XMLBeans. CVSSv3 score of 9.1
Note that this vulnerability is from 2021.
More info.


SolarWinds

Patch

SolarWinds Platform 2025.2 contains multiple vulnerabilities, including a DoS from OpenSSH. Highest CVSSv3 score of 7.5
More info.


CoreDNS

Patch

A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation.
More info.


Trend Micro

Patch

Trend Micro Apex One updates fix several security vulnerabilities, including an uncontrolled search path vulnerability that allows a remote attacker to inject malicious code leading to arbitrary code execution on affected installations. Highest CVSSv3 score of 8.8
More info.


HuggingFace

New

The LLaVA-NeXT project suffers from a sensitive information disclosure due to an exposed hardcoded HuggingFace token with privileged permissions. By exploiting this information, a remote attacker could conduct supply chain attacks and compromise the affected HuggingFace organizations to perform malicious operations.
More info.


Linux

Patch

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the microcode and systemd. More info.
Mageia has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.


Monday 09 June 2025


Hongding Technology

Patch

Hongding Technology Smart Parking Management System contains an exposure of sensitive information vulnerability.  CVSSv4 score of 9.3
More info.


QNAP

Patch

QNAP has identified vulnerabilities in OpenSSH that affect QTS and QuTS hero. Highest CVSSv3 score of 6.8
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Mageia has updated systemd. More info.


Friday 06 June 2025


CyberData

Patch

CyberData 011209 SIP Emergency Intercom contains several vulnerabilities, including Authentication Bypass, Missing Authentication, SQL Injection, Insufficiently Protected Credentials, and Path Traversal.  Highest CVSSv4 score of 9.3
More info.


ZIV

Patch

Eight vulnerabilities have been identified in ZIV's IDF and ZLF protections, 2 rated High and 6 rated Medium. Highest CVSSv3 score of 8.7
More info.


NetApp

Patch

NetApp has published 10 bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
Five have patches.
More info.


Dell

Patch

Dell has published a Critical bulletin for SmartFabric Manager.
More info.


IBM

Patch

IBM has published a Critical bulletin for Db2.
More info.


Linux

Patch

Amazon Linux 2023 has updated the microcode. More info.


Thursday 05 June 2025


Cisco

Patch

Cisco has published 10 new bulletins, 1 rated Critical, 2 rated High, and 7 rated Medium.
More info.

A vulnerability in AWS, Microsoft Azure, and OCI cloud deployments of Cisco ISE could allow a remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. CVSSv3 score of 9.9
More info.

A vulnerability in the SSH implementation of Cisco NDFC could allow a remote attacker to impersonate Cisco NDFC-managed devices. CVSSv3 score of 8.7
More info.



HPE

Patch

HPE has published an update for Insight Remote Support that fixes previously reported zero-day vulnerabilities. Highest CVSSv3 score of 9.8
More info.


NetApp

Patch

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
More info.


IBM

Patch

IBM has published Critical bulletins for Concert Software, Maximo AI Service, QRadar Suite, Storage Software, Guardium Data Security, Knowledge Catalog, 
More info.


Django

Patch

Internal HTTP response logging allows control characters to be written unescaped into logs. This could enable log injection or forgery, letting attackers manipulate log appearance or structure. CVSSv3 score of 4.0
More info.


Wednesday 04 June 2025


Samsung

Patch

Samsung has published Monthly Patches for Android with 19 vulnerabilities, plus Google Android and Samsung Semiconductor vulnerability patches.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest chromium updates.
More info.


HPE

Patch

Two security vulnerabilities have been identified in HPE Telco Service Orchestrator software that could be remotely exploited, causing DoS and Access Restriction Bypass. Highest CVSSv3 score of 9.8
More info.


Acronis

Patch

Acronis has published 8 security bulletins for Acronis CyberProtect, 4 rated Critical, 1 rated High, and 3 rated Medium. Highest CVSSv3 score of 10
More info.


Python

Patch

Mailman 3 contains multiple advisories affecting the CPython tarfile module, 1 rated Critical, 3 rated High, and 1 rated Moderate. Highest CVSSv3 score of 9.4
More info.


HP

Patch

HP ThinPro contains dozens of security vulnerabilities that have been patched in the latest version. Highest CVSSv3 score of 10.
More info.


Linux

Patch

SUSE has updated the kernel and microcode. More info.
Ubuntu has updated the kernel. More info.


Tuesday 03 June 2025


Google

Patch

Google has published Monthly Patches for Android with 11 vulnerabilities rated High, plus Qualcomm, Imagination Technologies, and Arm vulnerability patches.
More info.

Google has published an update for Chrome for Desktop that fixes 3 security vulnerabilities.
More info.


Splunk

Patch

Splunk Quarterly Patches have been published with 2 vulnerabilities, one rated High and one rated Medium, and 2 third-party software updates rated Critical.  Of the 2 vulnerabilities, Highest CVSSv3 score of 8.
More info.


ABB

Patch

ABB Welcome IP-Gateway products contain several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Pilz

Patch

Pilz has published 4 new bulletins, identifying vulnerabilities in PiCtory, IndustrialPI Webstatus, and Node-RED integration. Highest CVSSv3 score of 9.8
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE StoreOnce Software that could allow a remote attacker to achieve RCE, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure. Highest CVSSv3 score of 9.8
More info.


ModSecurity

New

A DoS vulnerability has been identified in ModSecurity. Patches will be published soon. CVSSv3 score of 7.5
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel and microcode. More info.


Monday 02 June 2025


Qualcomm

Patch

Qualcomm Monthly Patches include 10 new bulletins, 2 rated Critical and 8 rated High. Highest CVSSv3 score of 8.6
More info.


MediaTek

Patch

MediaTek Monthly Patches include 7 vulnerabilities, 1 rated High and 6 rated Medium. 
More info.


Samsung

Patch

Samsung Semiconductor Monthly Patches include 14 vulnerabilities, 10 rated High, 4 rated Medium.
More info.


HPE

New

HPE Insight Remote Support contains several unpatched vulnerabilities, including an unauthenticated DoS.
More info.


Moxa

Patch

Moxa products contain a resource exhaustion vulnerability in the implementation of the Diffie-Hellman key exchange protocol. CVSSv3 score of 7.5
Note this is a 2002 vulnerability.
More info.


NetApp

Patch

Multiple NetApp products incorporate Apache Zookeeper which is susceptible to a vulnerability that could lead to disclosure of sensitive information or addition or modification of data. CVSSv3 score of 9.1
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel and kpatch. More info.
Alpine Linux has published version 3.22.0. More info.


GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.