Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1
More info.

Samsung Semiconductor Monthly Patches include 2 vulnerabilities, 1 rated High and the other rated Medium.
More info.

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 Score of 9.3
More info.

IBM has published a Critical bulletin for Rational DOORS.
More info.

Red Hat has updated the kernel. More info.

NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows a remote attacker to cause unintended control flow and DoS. CVSSv4 score of 9.2
More info.

ABB RMC-100 with REST interface contains vulnerabilities that allow a remote attacker to gain unauthenticated access to the MQTT configuration data, cause a DoS, or decrypt encrypted MQTT broker credentials. Highest CVSSv3 score of 8.2
More info.

Dell has published a Critical bulletin for Data Protection Advisor.
More info.

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium.  The Critical bulletin identifies static SSH Credentials for root in Unified Communications Manager.  CVSSv3 score of 10.
More info.

A DoS vulnerability exists in MELSEC iQ-F series that allows a remote attacker to lockout a legitimate user for a certain period of time by repeatedly attempting to login with an incorrect password. CVSSv3 score of 5.3
More info.

Arbitrary code execution vulnerabilities in 7-Zip allows a remote attacker to execute arbitrary malicious code by getting 7-Zip, which is included in MELSOFT Update Manager, to decompress a specially crafted compressed file. Highest CVSSv3 score of 8.1
More info.

Several vulnerabilities in the Endress+Hauser MEAC300-FNADE4 were discovered that can be accessed via Ethernet. Highest CVSSv3 score of 8.6
More info.

Mozilla has published a bulletin rated High for Thunderbird.
More info.

Dell has published a Critical bulletin for Integrated System for Microsoft Azure Stack Hub.
More info.

Microsoft has updated Edge with the latest chromium vulnerabilities.  Exploits are in the wild.
More info.

FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attacker to execute unauthorized system commands with root privileges. Highest CVSSv3 score of 9.8
More info. And here.

FESTO and FESTO Didactic CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, and MES-PC contain a vulnerability that allows a remote attacker to gain full control of the host system, including remote code execution. CVSSv3 score of 9.8
No patch available.
More info.

Voltronic Power Viewpower and PowerShield NetGuard contain vulnerabilities that allows a remote attacker to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code. CVSSv3 score of 9.8
No patch from Voltronic Power, PowerShield has patches available.
More info.

Contec has identified several vulnerabilities in its CHS Web HMI/SCADA software that allows a remote attacker to steal and tamper with data, execute malicious programs that could result in destruction of the system, and deactivate of certain function. Highest CVSSv3 score of 6.1
More info.

In ModSecurity, if the variable SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least one XML tag is empty then a segmentation fault occurs. CVSSv3 score of 6.5
More info.

IBM has published Critical bulletins for Business Automation Workflow, Cloud Pak for Data, and PowerVC.
More info.

Red Hat has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.

Google has published updates for Chrome for Desktop that fixes one security vulnerability rated High that is actively being exploited.
More info.

Microsoft is aware. More info.

The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remote attacker through authentication bypass. CVSSv3 score of 9.8
More info.

Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. A remote attacker has full access to the Node-RED server. CVSSv3 score of 10
More info.

Tenable has updated Security Center to fix 3rd party software vulnerabilities. Highest CVSSv3 score of 7.5
More info.

Eight new security bulletins have been published for Mbed TLS.
More info.

Red Hat has updated the microcode. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium.  A remote attacker can bypass of authentication. Highest CVSSv3 score of 9.8
More info.

A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety state resulting in a DoS. CVSSv3 score of 7.5
More info.

IBM has published Critical bulletins for Cloud Pak System Software, Tivoli System Automation Application Manager, Cognos Analytics, MQ, Sterling Connect:Direct Web Services, Storage Ceph, Personal Communications, Db2, App Connect Enterprise, Cloud Transformation Advisor, PowerVC, and WebSphere Service Registry and Repository.
More info.

Dell has published Critical bulletins for ObjectScale and NetWorker.
More info.

NetApp has published 10 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
More info.

Red Hat has updated the kernel. More info.
Rocky Linux 8 and 9 have updated the kernel. More info. And here.