Fortinet Confirms Exploitation of FortiCloud SSO Authentication Bypass Vulnerability on Patched Devices

Fortinet has confirmed that it is working to fully fix a FortiCloud SSO authentication bypass vulnerability, following reports of new exploit activity on firewalls that had already been fully patched. Discovery of New Attack Route: Carl Windsor, CISO of Fortinet, reported that cases of exploitation have been identified on devices that were updated to the latest version available at the time of the attack. This suggests a new attack path that bypasses the patches previously deployed to address CVE-2025-59718 and CVE-2025-59719. ...

January 26, 2026 · Comfidentia

Microsoft releases emergency patches for Office zero-day vulnerability

Microsoft has released emergency out-of-band security updates to patch a high-severity zero-day vulnerability in Microsoft Office that is being actively exploited in attacks. The vulnerability, tracked as CVE-2026-21509, is a security feature bypass that affects multiple versions of Office, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise. Vulnerability and Patch Details: The vulnerability allows an unauthenticated attacker to bypass a security feature locally. To exploit the flaw, the attacker must convince the user to open a malicious Office file, although the preview pane is not a direct attack vector. Exploitation requires low complexity and user interaction. ...

January 26, 2026 · Comfidentia

Palo Alto Networks Security Update: Denial of Service Vulnerability in GlobalProtect

Palo Alto Networks has released a major security update to address a high severity vulnerability affecting its GlobalProtect Gateway and Portal software. The company has confirmed the existence of a proof-of-concept (PoC) exploit for this flaw, underscoring the urgency of patching. Vulnerability Description (CVE-2026-0227): The vulnerability, identified as CVE-2026-0227, has a CVSS score of 7.7 and has been classified as a denial of service (DoS) condition. The issue resides in GlobalProtect’s PAN-OS software and arises from inadequate checking for exceptional conditions (CWE-754). ...

January 15, 2026 · Comfidentia

Veeam releases security patches to fix multiple critical vulnerabilities, including RCE

Veeam has released a series of critical security updates to its Backup & Replication software, addressing multiple flaws, including a vulnerability classified as “critical” that could lead to remote code execution (RCE). Critical Remote Code Execution (RCE) Vulnerability: The most notable vulnerability is CVE-2025-59470, which has a CVSS score of 9.0. This flaw allows a Backup or Tape operator to perform remote code execution as the postgres user by sending a malicious interval or order parameter. ...

January 7, 2026 · Comfidentia

IBM API Connect: Critical Security Flaw Allows Remote Access

IBM has disclosed details about a critical security flaw in its API Connect product that could allow remote attackers to gain unauthorized access to the application. Vulnerability Details: The vulnerability, identified as CVE-2025-13915, has received a score of 9.8 out of 10.0 in the CVSS rating system, classifying it as critical. It is described as an authentication bypass failure. IBM has stated in a bulletin that “IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.” ...

December 31, 2025 · Comfidentia

Critical Vulnerability Alert in SmarterTools SmarterMail: Remote Code Execution without Authentication

Critical Vulnerability Warning in SmarterTools SmarterMail: The Cyber Security Agency of Singapore (CSA) has issued an alert regarding a major security flaw in the SmarterTools SmarterMail email software. This vulnerability, with a CVSS score of 10.0, could be exploited to achieve remote code execution (RCE) without the need for authentication. Vulnerability Details (CVE-2025-52691): The vulnerability, identified as CVE-2025-52691, is a case of arbitrary file upload. This means that an unauthenticated attacker could upload files of any type to any location on the mail server. If these malicious files (such as web shells or binaries) are interpreted and executed as code by the application environment, the attacker could gain control with the same privileges as the SmarterMail service. ...

December 30, 2025 · Comfidentia

Critical vulnerability in n8n allows remote code execution (CVE-2025-68613)

A critical security vulnerability has been revealed in the n8n workflow automation platform. The flaw, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, has a CVSS score of 9.9 out of 10.0, underscoring its severity. According to npm statistics, the n8n package records approximately 57,000 weekly downloads. Vulnerability and Impact Details: The maintainers of the npm package stated that “under certain conditions, expressions provided by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.” ...

December 23, 2025 · Comfidentia

DMA vulnerability in ASRock, ASUS, GIGABYTE and MSI motherboards

A security vulnerability has been identified in specific motherboard models from leading manufacturers such as ASRock, ASUSTeK Computer, GIGABYTE and MSI. This flaw leaves systems susceptible to Direct Memory Access (DMA) attacks during the early boot phase, affecting architectures that implement the Unified Extensible Firmware Interface (UEFI) and Input/Output Memory Management Unit (IOMMU). Early Boot DMA Protection Failure: The vulnerability, discovered by Riot Games’ Nick Peterson and Mohamed Al-Sharifi, lies in the UEFI firmware implementation. Although the IOMMU and UEFI are designed to prevent unauthorized access to memory by peripherals, the flaw arises from a discrepancy: the firmware indicates that DMA protection is active, but fails to configure and enable the IOMMU correctly during the critical boot phase. ...

December 20, 2025 · Comfidentia

HPE Resolves Critical Remote Code Execution Vulnerability in OneView

Hewlett Packard Enterprise (HPE) has announced the resolution of a maximum severity security vulnerability in its OneView software. The flaw, if successfully exploited, could allow remote code execution. The critical vulnerability has been identified as CVE-2025-37164 and has a CVSS score of 10.0. HPE OneView is an IT infrastructure management tool that simplifies operations and enables centralized control of all systems. Vulnerability Details (CVE-2025-37164): The security flaw allows an unauthenticated, remote attacker to perform code execution on the affected system. HPE has issued a security warning urging users to take immediate action. ...

December 20, 2025 · Comfidentia

WatchGuard fixes actively exploited critical vulnerability in Fireware OS (CVE-2025-14733)

WatchGuard has issued a security alert and released patches to address a critical vulnerability in its Fireware operating system that the company has confirmed has been actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-14733, affects IKEv2 VPN configurations and has a CVSS score of 9.3 (Critical), allowing remote code execution by unauthenticated attackers. Vulnerability Details (CVE-2025-14733): The security flaw is a case of out-of-bounds write that resides in the Fireware OS iked process. This vulnerability could be exploited by a remote attacker without requiring authentication, allowing them to execute arbitrary code on the system. ...

December 20, 2025 · Comfidentia