Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state occurs as soon as an issue is detected, and the state then drops by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters, so reducing the alert state again quickly will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
Monday 07 July 2025
Qualcomm

Patch
Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1
More info.
Samsung Semiconductor

Patch
Samsung Semiconductor Monthly Patches include 2 vulnerabilities, 1 rated High and the other rated Medium.
More info.
NetApp

New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.3
More info.
IBM

Patch
IBM has published a Critical bulletin for Rational DOORS.
More info.
Linux

Patch
Red Hat has updated the kernel. More info.
Friday 04 July 2025
Citrix

Patch
NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows a remote attacker to cause unintended control flow and DoS. CVSSv4 score of 9.2
More info.
ABB

Patch
ABB RMC-100 with REST interface contains vulnerabilities that allow a remote attacker to gain unauthenticated access to the MQTT configuration data, cause a DoS, or decrypt encrypted MQTT broker credentials. Highest CVSSv3 score of 8.2
More info.
Dell

Patch
Dell has published a Critical bulletin for Data Protection Advisor.
More info.
Linux

Patch
Thursday 03 July 2025
Cisco

Patch
Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium. The Critical bulletin identifies static SSH credentials for root in Unified Communications Manager. CVSSv3 score of 10.
More info.
Mitsubishi Electric

Patch
A DoS vulnerability exists in the MELSEC iQ-F series that allows a remote attacker to lock out a legitimate user for a certain period of time by repeatedly attempting to log in with an incorrect password. CVSSv3 score of 5.3
More info.
Arbitrary code execution vulnerabilities in 7-Zip allow a remote attacker to execute arbitrary malicious code by getting 7-Zip, which is included in MELSOFT Update Manager, to decompress a specially crafted compressed file. Highest CVSSv3 score of 8.1
More info.
Endress+Hauser

Patch
Several vulnerabilities in the Endress+Hauser MEAC300-FNADE4 were discovered that can be accessed via Ethernet. Highest CVSSv3 score of 8.6
More info.
Mozilla

Patch
Mozilla has published a bulletin rated High for Thunderbird.
More info.
Dell

Patch
Dell has published a Critical bulletin for Integrated System for Microsoft Azure Stack Hub.
More info.
Wednesday 02 July 2025
Microsoft

Exploit
Microsoft has updated Edge with the latest Chromium vulnerabilities. Exploits are in the wild.
More info.
Festo

Patch
FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attacker to execute unauthorized system commands with root privileges. Highest CVSSv3 score of 9.8
More info. And here.
FESTO and FESTO Didactic CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, and MES-PC contain a vulnerability that allows a remote attacker to gain full control of the host system, including remote code execution. CVSSv3 score of 9.8
No patch available.
More info.
Voltronic

Patch
Voltronic Power Viewpower and PowerShield NetGuard contain vulnerabilities that allow a remote attacker to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code. CVSSv3 score of 9.8
No patch from Voltronic Power, PowerShield has patches available.
More info.
Contec

Patch
Contec has identified several vulnerabilities in its CHS Web HMI/SCADA software that allow a remote attacker to steal and tamper with data, execute malicious programs that could result in destruction of the system, and deactivate certain functions. Highest CVSSv3 score of 6.1
More info.
ModSecurity

Patch
In ModSecurity, if the variable SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and at least one XML tag is empty, then a segmentation fault occurs. CVSSv3 score of 6.5
More info.
IBM

Patch
IBM has published Critical bulletins for Business Automation Workflow, Cloud Pak for Data, and PowerVC.
More info.
Tuesday 01 July 2025

Patch
Pilz

New
The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remote attacker through authentication bypass. CVSSv3 score of 9.8
More info.
Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. A remote attacker has full access to the Node-RED server. CVSSv3 score of 10
More info.
Tenable

Patch
Tenable has updated Security Center to fix third-party software vulnerabilities. Highest CVSSv3 score of 7.5
More info.
Mbed TLS

Patch
Eight new security bulletins have been published for Mbed TLS.
More info.
Linux

Patch
Monday 30 June 2025
Pilz

Patch
PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium. A remote attacker can bypass authentication. Highest CVSSv3 score of 9.8
More info.
ifm electronic

New
A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety state resulting in a DoS. CVSSv3 score of 7.5
More info.
IBM

Patch
IBM has published Critical bulletins for Cloud Pak System Software, Tivoli System Automation Application Manager, Cognos Analytics, MQ, Sterling Connect:Direct Web Services, Storage Ceph, Personal Communications, Db2, App Connect Enterprise, Cloud Transformation Advisor, PowerVC, and WebSphere Service Registry and Repository.
More info.
Dell

Patch
Dell has published Critical bulletins for ObjectScale and NetWorker.
More info.
NetApp

New
NetApp has published 10 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
More info.
Linux

Patch
PRODUCT

GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT

INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT

HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT

CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.

EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.

ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.