SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges…SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. [...]
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [..…A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [...]
Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, a…Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes. [...]
Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploit…Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. [...]
Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or
DNSKEY. A remote attacker could possibly use this issue to cause a
denial of service. (CV…Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or
DNSKEY. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2026-12725)
It was discovered that Dnsmasq incorrectly validated the length of
fixed-length DNS record fields when parsing NS section records. A remote
attacker could possibly use this issue to cause Dnsmasq to read out of
bounds, possibly exposing sensitive information. (CVE-2026-12969)
Microsoft has released Windows 11 KB5101650 and KB5099414 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new …Microsoft has released Windows 11 KB5101650 and KB5099414 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
USN-8526-1 fixed vulnerabilities in libheif. This update provides the
corresponding updates for CVE-2026-47709 and CVE-2026-47714 in
Ubuntu 24.04 LTS.
Original…USN-8526-1 fixed vulnerabilities in libheif. This update provides the
corresponding updates for CVE-2026-47709 and CVE-2026-47714 in
Ubuntu 24.04 LTS.
Original advisory details:
Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)
Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker coul
Hirohito Higashi discovered that Vim incorrectly escaped class or trait
names when performing PHP omni-completion. An attacker could possibly
use this issue to …Hirohito Higashi discovered that Vim incorrectly escaped class or trait
names when performing PHP omni-completion. An attacker could possibly
use this issue to trick a user into opening a specially crafted PHP
file and executing arbitrary commands. This issue only affected Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856)
Hirohito Higashi discovered that Vim incorrectly handled sound-folding
of certain words when using a spell file. An attacker could possibly
use this i
Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and…Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. [...]
It was discovered that OpenVPN had a 1-byte buffer overrun when handling
NTLMv2 proxy responses. An attacker could use this issue to cause a denial
of service o…It was discovered that OpenVPN had a 1-byte buffer overrun when handling
NTLMv2 proxy responses. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)
It was discovered that OpenVPN incorrectly handled metadata when extracting
tls-crypt-v2 client keys. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-12932)
It was discovered that OpenV
Haruto Kimura discovered that GnuTLS did not properly apply permitted
name constraints in certain certificate validation paths. A remote
attacker could possibly…Haruto Kimura discovered that GnuTLS did not properly apply permitted
name constraints in certain certificate validation paths. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42011)
Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name
checks for certain URI and SRV subject alternative names. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machi
Many vulnerabilities cannot be safely validated with live exploits, either because no exploit exists or the affected systems are too critical to test. Picus exp…Many vulnerabilities cannot be safely validated with live exploits, either because no exploit exists or the affected systems are too critical to test. Picus explains how TTP chaining helps organizations determine exploitability by validating the attack techniques an exploit depends on, without launching the exploit itself. [...]
It was discovered that alsa-lib incorrectly handled certain ALSA
configuration text. An attacker could use this issue to cause alsa-lib to
crash, resulting in a…It was discovered that alsa-lib incorrectly handled certain ALSA
configuration text. An attacker could use this issue to cause alsa-lib to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
It was discovered that httplib2 performed unbounded decompression of HTTP
response bodies when the server used gzip or deflate Content-Encoding. A
remote attack…It was discovered that httplib2 performed unbounded decompression of HTTP
response bodies when the server used gzip or deflate Content-Encoding. A
remote attacker could possibly use this issue to cause httplib2 to use
excessive resources, leading to a denial of service.
It was discovered that MariaDB did not properly validate parameters
supplied by a joiner node during a State Snapshot Transfer using the
mariabackup method. An …It was discovered that MariaDB did not properly validate parameters
supplied by a joiner node during a State Snapshot Transfer using the
mariabackup method. An attacker could possibly use this issue to execute
arbitrary shell commands on the donor node. (CVE-2026-44168)
It was discovered that MariaDB did not properly enforce the SHOW CREATE
ROUTINE privilege when a user obtained access to a stored routine via a
role. An authenticated user could possibly use this issue to obtain
sensitive inform
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce C…SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
CVSSv3 Score:
4.1
A buffer over-read vulnerability [CWE-126] in FortiOS, FortiProxy, and FortiSASE may allow an authenticated remote attacker to return…CVSSv3 Score:
4.1
A buffer over-read vulnerability [CWE-126] in FortiOS, FortiProxy, and FortiSASE may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
5.3
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability [CWE-80] in FortiSIEM may allow a priv…CVSSv3 Score:
5.3
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability [CWE-80] in FortiSIEM may allow a privileged administrator to execute unauthorized commands via crafted requests.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
3.4
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and Forti…CVSSv3 Score:
3.4
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and FortiProxy may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
3.1
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and Forti…CVSSv3 Score:
3.1
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and FortiProxy captive portal may allow an attacker able to intercept and modify a user's authentication request to inject arbitrary headers via crafted HTTP requests.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
6.7
An Improper Certificate Validation vulnerability [CWE-295] in FortiClient EMS may allow a remote unauthenticated attacker to imperson…CVSSv3 Score:
6.7
An Improper Certificate Validation vulnerability [CWE-295] in FortiClient EMS may allow a remote unauthenticated attacker to impersonate an AD Connector via a valid API Key.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
7.0
An out of bounds read [CWE-125] vulnerability in FortiAuthenticator may allow a remote unauthenticated attacker to retrieve sensitive…CVSSv3 Score:
7.0
An out of bounds read [CWE-125] vulnerability in FortiAuthenticator may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
5.0
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiOS, FortiPAM, FortiP…CVSSv3 Score:
5.0
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiOS, FortiPAM, FortiProxy and FortiSwitch Manager may allow a privileged authenticated attacker with physical access to the device to delete the file system via crafted CLI commands.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
6.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS, FortiProxy…CVSSv3 Score:
6.1
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS, FortiProxy, FortiPAM and FortiSwitch-Manager Agentless SSL-VPN may allow an authenticated remote user to execute code or commands via crafted requests.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
5.9
A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiOS, FortiProxy and FortiPAM may allow a privileged authenticated attack…CVSSv3 Score:
5.9
A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiOS, FortiProxy and FortiPAM may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
6.9
An Improper Restriction of Communication Channel to Intended Endpoints [CWE-923] vulnerability in FortiSIEM Windows Agent may allow a…CVSSv3 Score:
6.9
An Improper Restriction of Communication Channel to Intended Endpoints [CWE-923] vulnerability in FortiSIEM Windows Agent may allow an unauthorized attacker on the same local network to execute arbitrary code via spoofing the supervisors hostname when the Windows device is configured with the 'Supers Override' feature.
Revised on 2026-07-14 00:00:00
CVSSv3 Score:
7.7
An Exposure of Resource to Wrong Sphere vulnerability [CWE-668] in FortiSanbox may allow an unauthenticated attacker to access the VN…CVSSv3 Score:
7.7
An Exposure of Resource to Wrong Sphere vulnerability [CWE-668] in FortiSanbox may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
Revised on 2026-07-14 00:00:00
It was discovered that PipeWire accepted unbounded Content-Length values
in its RAOP module. A remote attacker could possibly use this issue to cause
a denial o…It was discovered that PipeWire accepted unbounded Content-Length values
in its RAOP module. A remote attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2026-14324)
It was discovered that PipeWire performed multiple unbounded stack
allocations in its PulseAudio protocol server. A local attacker could
possibly use this issue to cause a denial of service. (CVE-2026-14330)
It was discovered that LibreOffice incorrectly handled importing DXF
drawings. An attacker could use this issue to cause LibreOffice to crash,
resulting in a de…It was discovered that LibreOffice incorrectly handled importing DXF
drawings. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6039)
It was discovered that LibreOffice incorrectly handled certain ODF number
formats. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu
English version : 🇬🇧 Les membres du Centre de Coordination des Crises Cyber (C4) ont observé le ciblage et la compromission d’entités françaises au moyen du mod…English version : 🇬🇧 Les membres du Centre de Coordination des Crises Cyber (C4) ont observé le ciblage et la compromission d’entités françaises au moyen du mode opératoire d’attaque (MOA) Turla, opéré par le 16ème Centre du service fédéral de sécurité de la fédération de Russie (FSB). Depuis au...
Version française: 🇫🇷 Members of the Cyber Crisis Coordination Centre (C4) have observed the targeting and compromise of French entities using the Turla intrusi…Version française: 🇫🇷 Members of the Cyber Crisis Coordination Centre (C4) have observed the targeting and compromise of French entities using the Turla intrusion set operated by the 16th Centre of the Federal Security Service of the Russian Federation (FSB). Since at least 2004, this intrusion...
Ce bulletin d'actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l'anal…Ce bulletin d'actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l'analyse de l'ensemble des avis et alertes publiés par le CERT-FR dans le cadre d'une analyse de risques pour prioriser l'application des...
The ChromeOS Stable channel is being updated to OS version 16667.62.0 (Browser version 149.0.7827.238 ) for most ChromeOS devices. If you find new issues, pl…The ChromeOS Stable channel is being updated to OS version 16667.62.0 (Browser version 149.0.7827.238 ) for most ChromeOS devices. If you find new issues, please let us know one of the following ways: File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta Help Community Report an issue or send feedback on Chrome Interested in switching channels? Find out how. Luis Menezes Google ChromeOS
The Dev channel has been updated to 152.0.7939.3 for Windows, Mac and Linux. A partial list of changes is available in the Git log . Interested in switching …The Dev channel has been updated to 152.0.7939.3 for Windows, Mac and Linux. A partial list of changes is available in the Git log . Interested in switching release channels? Find out how . If you find a new issue, please let us know by filing a bug . The community help forum is also a great place to reach out for help or learn about common issues. Chrome Release Team Google Chrome
Hi everyone! We've just released Chrome Dev 152 (152.0.7940.2) for Android. It's now available on Google Play . You can see a partial list of the changes in th…Hi everyone! We've just released Chrome Dev 152 (152.0.7940.2) for Android. It's now available on Google Play . You can see a partial list of the changes in the Git log . For details on new features, check out the Chromium blog , and for details on web platform updates, check here . If you find a new issue, please let us know by filing a bug . Chrome Release Team Google Chrome
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié pa…De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans Suricata. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de pr…De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la co…De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
The Beta channel has been updated to 151.0.7922.19 for Windows, Mac and Linux. A partial list of changes is available in the Git log . Interested in switching…The Beta channel has been updated to 151.0.7922.19 for Windows, Mac and Linux. A partial list of changes is available in the Git log . Interested in switching release channels? Find out how . If you find a new issue, please let us know by filing a bug . The community help forum is also a great place to reach out for help or learn about common issues. Chrome Release Team Google Chrome
Hi everyone! We've just released Chrome Beta 151 (151.0.7922.18) for Android. It's now available on Google Play . You can see a partial list of the changes in …Hi everyone! We've just released Chrome Beta 151 (151.0.7922.18) for Android. It's now available on Google Play . You can see a partial list of the changes in the Git log . For details on new features, check out the Chromium blog , and for details on web platform updates, check here . If you find a new issue, please let us know by filing a bug . Chrome Release Team Google Chrome
Hi everyone! We've just released Chrome Beta 151 (151.0.7922.17) for iOS; it'll become available on App Store in the next few days. You can see a partial list o…Hi everyone! We've just released Chrome Beta 151 (151.0.7922.17) for iOS; it'll become available on App Store in the next few days. You can see a partial list of the changes in the Git log . If you find a new issue, please let us know by filing a bug . Chrome Release Team Google Chrome
A new LTS-144 version 144.0.7559.257 (Platform Version: 16503.90.0), is being rolled out for most ChromeOS devices. This version includes selected securit…A new LTS-144 version 144.0.7559.257 (Platform Version: 16503.90.0), is being rolled out for most ChromeOS devices. This version includes selected security fixes including: 520202726 High CVE-2026-12467 Use after free in Extensions 521495992 High CVE-2026-13029 Use after free in Web Authentication 495948109 Critical CVE-2026-8514 Use after free in Aura 522566295 Critical CVE-2026-12443 Use after free in Web Authentication 519248779 High CVE-2026-12033 Out of bounds read 5169
De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié pa…De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité de…De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'édit…De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Hi, everyone! We've just released Chrome 150 (150.0.7871.114) for Android. It'll become available on Google Play over the next few days. This release inclu…Hi, everyone! We've just released Chrome 150 (150.0.7871.114) for Android. It'll become available on Google Play over the next few days. This release includes stability and performance improvements. You can see a full list of the changes in the Git log . If you find a new issue, please let us know by filing a bug . Android releases contain the same security fixes as their corresponding Desktop releases (Windows & Mac: 150.0.7871.114/115, Linux: 150.0.7871.114) unless otherwise noted. Kr