Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 26 July 2024


Microsoft

Patch

Microsoft has updated Edge to correct the latest chromium vulnerabilities and 2 Edge specific updates.
More info.


NetApp

New

NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8
No patches yet.
More info.


  

Thursday 25 July 2024


Tanzu

Patch

Tanzu has been updated with 14 bulletins marked Medium.  Several allow a remote attacker to cause a DoS.
More info. (login required)


Positron

New

Broadcast Signal Processor TRA7005 contains an Auth Bypass vulnerability. CVSSv4 score of 8.7
No response from vendor.
More info.


IBM

Patch

IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities.  Highest CVSSv3 score of 9.8
More info.


Acronis

Patch

Acronis Cyber Infrastructure has an RCE vulnerability due to default passwords.  CVSSv3 score of 9.8
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
AlmaLinux has updated the linux firmware. More info.


  

Wednesday 24 July 2024


Microsoft

Patch

A pair of vulnerabilities in GroupMe allow an unauthenticated attacker to elevate privileges over a network. Highest CVSSv3 score of 9.6
More info. And here.


IBM

Patch

IBM QRadar Network Packet Capture includes third-party software with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info.


BIND

Patch

BIND has 4 vulnerabilities that have been patched.  Highest CVSSv3 score of 7.5
More info.


HPE

Patch

Multiple vulnerabilities have been patched in HPE Aruba Networking EdgeConnect SD-WAN Orchestrator. Highest CVSSv3 score of 8.1
More info.

Multiple vulnerabilities have been patched in HPE Aruba Networking EdgeConnect. Highest CVSSv3 score of 7.2
More info.


Google

Patch

Chrome for Desktop has been updated to fix 24 security vulnerabilities.
More info.


NVidia

Patch

NVIDIA has released a firmware update for NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XC. Highest CVSSv3 score of 7.5
More info.


Linux

Patch

openSUSE has updated the kernel firmware. More info.
Red Hat has updated the kernel, kernel-rt, and linux firmware. More info.


  

Tuesday 23 July 2024


Siemens

Patch

Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities. Highest CVSSv4 score of 9.3
Note this is out of cycle for Siemens.
More info.


HPE

Patch

A security vulnerability has been identified in certain HPE ProLiant DL/ML/SY/XL and Alletra Servers. The vulnerability could be remotely exploited to allow OOB write. CVSSv3 score of 9.8
More info.


PyTorch

Patch

Two vulnerabilities have been identified in TorchServe. Highest CVSSv3 score of 9.8
More info. And here. Bulletin from AWS here.


IBM

Patch

IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

Data Protection Advisor remediation is available for multiple vulnerabilities in third-party software.  Dell rates this Critical.
More info.


BD

Patch

BD has published security updates for Identity Provider Manager, Data Agent, and Alaris products.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated kpatch. More info.
Ubuntu has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.
Alpine Linux has published a new release. More info.


  

Monday 22 July 2024


Meinberg

Patch

The LANTIME firmware update includes security updates of various third party libraries and programs.
More info.


Tenda

New

Tenda AX2pro could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Routing functionality. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
More info.


NetApp

New

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
No patches yet.
More info.


IBM

Patch

IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana. Highest CVSSv3 score of 9.8
More info.


Subnet Solutions

Patch

PowerSYSTEM Center contains a Prototype Pollution vulnerability.  CVSSv4 score of 6.9
Although the CVSS score shows no privilege required, the description references an authenticated attacker.
More info.


  

Friday 19 July 2024


SolarWinds

Patch

Access Rights Manager has been updated and fixes 13 vulnerabilities.  Highest CVSSv3 score of 9.6
Note ZDI rates several vulnerabilities at 10.
More info.


Philips

Patch

Vue PACS contains several vulnerabilities, including: Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Use of Default Credentials, Exposure of Sensitive Information to an Unauthorized Actor. Highest CVSSv4 score of 9.3
Upgrades have been available since 2023; however, this is the first reporting of this issue.
More info. And here.


Mitsubishi Electric

Patch

A DoS vulnerability caused by an OpenSSL vulnerability exists in MELSOFT MaiLab. A remote attacker can cause a DoS by sending a specially crafted message authentication code. CVSSv3 score of 5.9
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest Chromium updates.
More info.


Bosch

Patch

PRC7000 firmware uses OpenSSH, and is vulnerable to RCE.
More info.


Ivanti

Patch

Endpoint Manager for Mobile has been updated to fix several vulnerabilities.  Highest CVSSv3 score of 8.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Thursday 18 July 2024


Cisco

Patch

Cisco has published 9 new bulletins, 2 rated Critical, 3 rated High, and 4 rated Medium.  Highest CVSSv3 score of 10.
More info.

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow a remote attacker to change the password of any user, including administrative users. CVSSv3 score of 10.
More info.

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow a remote attacker to overwrite arbitrary files on the underlying operating system. CVSSv3 score of 9.8
More info.


SonicWall

Patch

Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause DoS. CVSSv3 score of 7.5
More info.

SonicWall GMS and Analytics products are affected by critical, high, and medium severity vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Apache

Patch

Apache HTTP Server has been updated to fix 2 vulnerabilities rated Important. CVSSv3 score of 5.9
More info.


Dell

Patch

Dell ECS remediation is available for multiple security vulnerabilities. Dell rates this Critical.
More info.


IBM

Patch

IBM Security Guardium is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Mitel

Patch

A command injection vulnerability in the Platform Webservice component of Unify OpenScape 4000 and Unify OpenScape 4000 Manager could allow a remote attacker to execute arbitrary commands within the context of the system. This is rated Critical.
More info.

A command injection vulnerability in the Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager could allow a remote attacker to conduct a command injection attack. This is rated Critical.
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.


  

Wednesday 17 July 2024


Google

Patch

Google has updated Chrome for Desktop to fix 10 security vulnerabilities.
More info.


Atlassian

Patch

Atlassian has published security updates for Bamboo Data Center and Server, Confluence Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server.
More info.


Rockwell Automation

Patch

A Major nonrecoverable fault exists in 5015 – AENFTXT. An input validation vulnerability exists in the affected products when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.  CVSSv4 score of 8.7
More info.

An input validation vulnerability exists in the SequenceManager Server that allows a remote attacker to cause a DoS.  CVSSv4 score of 8.7
More info.


Dell

Patch

Dell Networking OS10 remediation is available for third party vulnerabilities. Dell rates this High.
More info. And here. And here.


IBM

Patch

Multiple vulnerabilities in go and opm affect IBM Robotic Process Automation. Highest CVSSv3 score of 9.8
More info.

IBM Engineering Requirements Management DOORS/DWA vulnerabilities have been fixed. Highest CVSSv3 score of 9.8
More info.


  

Tuesday 16 July 2024


Oracle

Patch

Oracle Critical Patch Update will be released this afternoon. The Pre-Release shows 353 security vulnerabilities patched, with 246 remotely exploitable without authorization. Highest CVSSv3 score of 9.8
More info.


Tanzu

Patch

Tanzu has published 21 bulletins, all rated Medium, identifying vulnerabilities in third-party software included in the products.
More info.


Microsoft

Patch

Microsoft has updated Edge to incorporate the latest security updates for Chromium and 1 additional Edge-specific update.
More info.


Dell

Patch

Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Unified OSS Console Assurance Monitoring that could be exploited to allow Remote Arbitrary Code or Command Execution, Local Elevation of Privilege, Local Memory Corruption, Local Buffer Overflow and Local Input Validation Vulnerability. Highest CVSSv3 score of 9.8
More info.

Security vulnerabilities have been identified in HPE ProLiant DL/ML/XL, Synergy, Edgeline and Alletra Servers. These vulnerabilities could be locally and remotely exploited to allow DoS. Highest CVSSv3 score of 5.5
More info.


Alcatel-Lucent

Patch

Several vulnerabilities have been discovered in OpenSSH that affect FlexLM, OmniPCX Enterprise CS, ALE Enterprise Desk Phones, ALE-2/ALE-3, and H3/H6/M8.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Debian has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Monday 15 July 2024


Tanzu

Patch

Tanzu has published several bulletins identifying vulnerabilities in third-party software included in the products.
More info.


NetApp

New

NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.1
No patches yet.
More info.


IBM

Patch

IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.8
More info.

Vulnerability in pdfmake could allow a remote attacker to execute arbitrary code on the system, which could affect IBM Spectrum Control. CVSSv3 score of 9.8
More info.

Protobuf is used by IBM Storage Ceph, and contains a vulnerability. CVSSv3 score of 9.8
More info.

Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager and IBM Security Verify Governance - Identity Manager virtual appliance. Highest CVSSv3 score of 9.8
More info.

Potential code execution vulnerability in Node.js IP package has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. CVSSv3 score of 9.8
More info.


Check Point

Patch

A vulnerability in the OpenSSH server included in Quantum Spark appliances can allow unauthenticated RCE that grants full root access.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Mageia has updated the kernel. More info.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.