Google has publsihed a security update for Chrome for Desktop, that addresses 11 security vulnerabilities, at least 1 rated Critical and 1 being currently exploited.
More info.

Microsoft is aware andw orking to update Edge.  More info.

LS Electric LS ELEC PLC and XG5000 contains an Inadequate Encryption Strength for passwords vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to decrypt credentials and gain full access to the affected PLC. CVSSv3 score of 6.5
More info.

Softing Secure Integration Server contains several vulnerabilities that can be exploited by a remote attacker to cause a DoS. CVSSv3 score of 7.5
More info. And here.

Several Softing products ship with the default administrator credentials. Upon installation or upon first login, the application does not ask the user to change the `admin` password. On top of this, there is no warning or prompt to ask the user to change the default password, and in order to change the password, many steps are required. CVSSv3 score of 9.8
More info.

Splunk Quarterly Patches are out, with 3 bulletins, 1 rated High, 1 Medium, and 1 Low. Highest CVSSv3 score of 7.4
More info.

B&R Industrial Automation Automation Studio 4 contains an Unrestricted Upload of File with Dangerous Type vulnerability. A remote attacker may use spoofing techniques to connect B&R Automation Studio to an attacker-controlled device with manipulated project files. This may result in RCE, information disclosure, and DoS of the system running B&R Automation Studio. CVSSv3 score of 8.3
More info.

Several WAGO products include CODESYS versions with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Sequi PortBloque S contains Improper Authentication and Improper Authorization vulnerabilities. Successful exploitation of these vulnerabilities could result in unauthorized changes to device configuration, to include adding new users or changing existing passwords for persistent access to the device. Highest CVSSv3 score of 9.9
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.

A number of TRUMPF software tools use the OPC UA Server, which contains several vulnerabilities that would allow a remote attacker to send malicious data to the application, resulting in a DoS. CVSSv3 score of 7.5
More info.

Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with Cloud Pak System. Highest CVSSv3 score of 9.8
More info.

A vulnerability in Apache Commons Configuration affects IBM SPSS Modeler. CVSSv3 score of 9.8
More info.

Lenovo (IBM) Storage products are affected by a vulnerability in the challenge/response authentication mechanism used for remote support which, under specific conditions, may allow unauthorized access as credentials can be reused on the product's management GUI. CVSSv3 score of 5.6
More info.

SUSE has updated the kernel. More info.
Red Hat has updated the kernel and kpatch. More info.
CentOS has updated the kernel and microcode_ctl. More info.

Multiple vulnerabilities in jackson-databind shipped with IBM Cloud Pak System Highest CVSSv3 score of 9.8
More info.

IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration. CVSSv3 score of 9.8
More info.

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes. Highest CVSSv3 score of 9.8
More info.

Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs. CVSSv3 score of 9.8
More info.

IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty. Highest CVSSv3 score of 9.8
More info.

NetApp has published 6 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.

A vulnerability in the handling of RSA keys on devices running Cisco ASA and FTD Software could allow a remote attacker to retrieve an RSA private key. CVSSv3 score of 7.4
More info.

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco ASA Software could allow a remote attacker to conduct browser-based attacks. CVSSv3 score of 4.3
More info.

A path traversal vulnerability exists in the Keysight Sensor Management Server. This allows a remote attacker to upload arbitrary files to the SMS host. CVSSv3 score of 9.8
More info.

A PAN-OS URL filtering policy misconfiguration could allow a remote attacker to conduct reflected and amplified TCP DoS attacks. The DoS attack would appear to originate from a Palo Alto Networks firewall against an attacker-specified target. CVSSv3 score of 8.6
More info.

Dell Enterprise Hybrid Cloud patches are available for multiple security vulnerabilities in third-party software (primarily VMware) that may be exploited by remote attackers to compromise the affected system.  Dell rates this Critical.
More info.

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Scientific Linux has updated the kernel. More info.

Microsoft Monthly Patches are out, with patches for 141 vulnerabilities, 17 rated Critical, 2 previously disclosed, and 1 being exploited.  Highest CVSSv3 score of 9.8
More info. And here. And here.

An RCE Windows PPP wormable vulnerability exists, a remote attacker could send a specially crafted connection request to a RAS server, which could lead to RCE on the RAS server machine.CVSSv3 score of 9.8.
More info.

Adobe Monthly Patches are published, with 5 new bulletins for Commerce, Acrobat and Reader, Illustrator, FrameMaker, and Premiere Elements. Highest CVSSv3 score of 9.1
More info.

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities.  Successful exploitation could lead to arbitrary code execution, privilege escalation and security feature bypass. Highest CVSSv3 score of 9.1
More info.

VMware vRealize Operations contains an authentication bypass vulnerability. A remote attacker may be able to create a user with administrative privileges. CVSSv3 score of 5.6
Note there are other vulnerabilities that require privileges in this bulletin.
More info.

Several vulnerabilities exist in third-party software included in Command Suite, Automation Director,  Configuration Manager, Infrastructure Analytics Advisor and Ops Center. Highest CVSSv3 score of 9.8
More info.

Zoom On-Premise Meeting Connector Zone Controller fails to properly parse STUN error codes, which can result in memory corruption or arbitrary code execution. CVSSv3 score of 7.5
More info.

The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for RCE. CVSSv3 score of 9.7
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Siemens Monthly Patches are out, with 4 new bulletins and 38 updated bulletins.  Of the new bulletins, highest CVSSv3 score of 9.1
More info.

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow remote attackers to create a DoS. Highest CVSSv3 score of 9.1
More info.

Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and DoS. Highest CVSSv3 score of 7.6
More info.

Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system's host, user, and display name. CVSSv3 score of 5.3
More info.

A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices' protocol firmwares that could allow unauthenticated access to the web interface of the affected web server module. This module is off by default.  CVSSv3 score of 4.3
More info.

Schneider Electric Monthly Patches are published, with 4 new bulletins and 7 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8
More info.

Schneider Electric is aware of a Weak Password Recovery Mechanism for Forgotten Password vulnerability in its EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M580 and M340 control products. A remote attacker  could achieve unauthorized access in read and write mode to the controller when communicating over Modbus. CVSSv3 score of 9.8
More info.

DoS and Information Exposure vulnerabilities exist Modicon PAC Controllers when using Modbus TCP.  CVSSv3 score of 7.5
More info. And here.

SAP has released 5 new Security Notes and 2 updated Notes in their Monthly Patch Day.  Highest CVSSv3 score in the new Notes is 8.2, but one of the updated Note has a score of 10.
More info.

The SIMA2 Master Station includes an outdated version of ntpd which is affected by a large number of vulnerabilities, dating back to 2016. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been discovered in Exim, the most severe of which could allow for RCE. Successful exploitation of the most severe of these vulnerabilities will enable the attacker to perform command execution as root in the context of the mail server.
More info.

SICK SIM products include OpenSSL which has a DoS vulnerability from March.  CVSSv3 score of 7.5. Updates are planned, but not available.
More info.

StorageGRID is susceptible to a vulnerability in the linux kernel that could allow a remote attacker to view limited metrics information and modify alert email recipients and content. CVSSv3 score of 7.3
More info.

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Alpine Linux has put out a new release. More info.

Microsoft has updated Edge with the latest chromium security updates.
More info.

Mageia has updated the kernel. More info.

Digi International ConnectPort X2D Gateway contains a vulnerability that allows an attacker to execute malicious actions resulting in code execution. CVSSv3 score of 10.
More info.

NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products.
More info.

Cisco has published 5 new bulletins, 1 rated Critical and 4 rated Medium.
More info.

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS. CVSSv3 score of 9.8
More info.

IBM Watson Speech products are affected by vulnerabilities in perl, allowing a remote attacker to execute arbitrary code.  CVSSv3 score of 9.8
More info. And here. And here. And here.

Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data. Highest CVSSv3 score of 9.8
More info.

A DoS vulnerability exists in the F-Secure Atlant and in certain WithSecure products. While scanning fuzzed PE32-bit files, it is possible for a remote attacker to crash the scanning engine. WithSecure rates this Medium.
More info.

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. CVSSv3 score of 9.8.
More info. And here.

Google has updated Chrome for Desktop with 27 security fixes.
More info.

Microsoft is aware and working on Edge. More info.

EagleSDV crashes on session establishment using TLS1.0 or TLS1.1, resulting in DoS.
More info.

Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical.
More info.

Dell VNX2 Operating Environment for File contains remediation for multiple security vulnerabilities that may be exploited by remote attackers to compromise the affected system.  Dell rates this Critical.  Highest CVSSv3 score of 8.6
More info.

F5 Quarterly Patches are out, with 12 patches rated High, 8 rated Medium, 1  Low, and one Security Exposure bulletin. Highest CVSSv3 score of 8.7
More info.

Fortinet Monthly Patches are out, with 3 bulletins. Highest CVSSv3 score of 7.4
More info.

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
CentOS has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.

Dell CloudLink remediation is available for AD users login without password that may be exploited by remote attackers to compromise the affected system, and other vulnerabilities. CVSSv3 score of 9.1
More info. And here.

Dell Cyber Recovery remediation is available for multiple security vulnerabilities that may potentially be exploited by remote attackers to compromise the affected system, including an authentication bypass vulnerability. CVSSv3 score of 9.8
More info. And here.

DoS and arbitrary command execution vulnerabilities due to OpenSSL exist in multiple Mitsubishi Electric FA Products. Highest CVSSv3 score of 9.8
More info.

The latest LANTIME Firmware includes security updates of the third-party programs curl and openssl. In addition, a vulnerability has been fixed that allowed local user names to be determined.
More info.

Qualcomm Monthly Patches are out, with 15 internal vulnerabilities and 1 Open Source software vulnerability.  Highest CVSSv3 score of 8.4
More info.

Google has published the Android Monthly Patches, with 19 vulnerabilities plus Imagination Technologies, MediaTek, and Qualcomm patches. One vulnerability is rated Critical, the rest are rated High.
More info.

Google Pixel Monthly Patches are out, with 40 vulnerabilities, with 4 rated Critical, 3 rated High, and the rest Moderate.
More info.

Samsung Monthly Patches are out, with 31 Samsung vulnerabilities plus Google Android patches. At least 1 is rated Critical, and 3 rated High.
More info.

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated microcode_ctl. More info.
Ubuntu has updated the kernel. More info.