OpenSSL Product Security Update Advisory
Overview. An out-of-bounds read vulnerability (CVE-2026-28386) and NULL pointer dereference vulnerabilities (CVE-2026-28388, CVE-2026-28389, CVE-2026-28390) in OpenSSL have been disclosed. Affected products are systems and applications that use the OpenSSL library. Vulnerability Summary. CVE-2026-28386: An out-of-bounds read vulnerability. CVE-2026-28388: NULL pointer dereference vulnerability. CVE-2026-28389: NULL pointer dereference vulnerability. CVE-2026-28390: NULL
Spring Product Security Update Advisory (CVE-2026-22750)
Spring product security update advisory (CVE-2026-22750). Affected products and scope of impact. The affected product is Spring Cloud Gateway version 4.2.0. Vulnerability overview. The vulnerability (CVE-2026-22750) is an issue where SSL bundle settings are unceremoniously ignored. This could allow an application to establish a connection without applying the intended TLS
Apache Product Security Update Advisory (CVE-2026-34197)
Summary. A lack of input validation and code injection vulnerability (CVE-2026-34197) was reported in Apache ActiveMQ and Apache ActiveMQ Broker. Affected Versions. Apache ActiveMQ Broker: 5.19.4 and earlier and 6.0.0 and earlier and 6.2.3 and earlier. Apache ActiveMQ: 5.19.4 and earlier and 6.0.0 and earlier than 6.2.3. Vulnerability Description and
Docker Product Security Update Advisory (CVE-2026-34040)
Overview. CVE-2026-34040 is an authorization validation bypass vulnerability in Docker Engine’s handling of the AuthZ plugin. Affected: Docker Engine version 29.3.1 and earlier. Vulnerability details. The vulnerability allows an attacker to bypass the AuthZ plugin’s authorization validation logic by crafting an oversized request body. A threat actor could potentially
GitLab Product Security Update Advisory
Overview. We have released security updates that address vulnerabilities in GitLab products. Users of affected products are encouraged to update to the latest version. Affected products. CVE-2025-12664: GitLab CE/EE Version: 13.0 and above but below 18.8.9; GitLab CE/EE Versions: 18.9 and above but below 18.9.5; GitLab CE/EE Version: 18.10 or later but
Siemens Product Security Update Advisory
Overview. Siemens has released security updates to address vulnerabilities in its products. Users of affected products are encouraged to update to the latest version. Affected products. CVE-2026-27663: CPCI85 Central Processing/Communication Versions: V26.10 and earlier; RTUM85 RTU Base Version: V26.10 and earlier. CVE-2026-27664: CPCI85 Central Processing/Communication Version: V26.10 or earlier; SICORE Base system
Apache Tomcat April Vulnerabilities Security Update Advisory
Overview. A security update has been released to address multiple security vulnerabilities in Apache Tomcat. Affected versions are Tomcat 9.0.0.M1-9.0.116, 10.0.0-M1-10.1.53, 11.0.0-M1-11.0.20. Recommended patch versions include 9.0.117, 9.0.116, 11.0.21, 11.0.20, 10.1.54, and 10.1.53. Summary of vulnerabilities. CVE-2026-24880 is an HTTP request smuggling vulnerability that can affect request isolation and proxy
ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus, and others) Family April 2026 Security Update Advisory
Overview. Zoho (https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. Users of affected products are advised to update to the latest version. Affected products. Exchange Reporter Plus builds 5801 and earlier. Resolved vulnerabilities. High Impact: Cross-Site Scripting (XSS) vulnerability in Exchange Reporter Plus
OpenClaw Product Security Update Advisory
Overview. Multiple security vulnerabilities have been disclosed and security updates have been released in the OpenClaw suite. Vulnerability Details. Vulnerability types include authentication bypass, execution allowlist bypass, command execution-command injection, remote code execution (RCE), privilege escalation, access control bypass, sandbox escape, information leakage, etc. Impact and Risk. Affected includes the
Mozilla Product Security Update Advisory
Overview. Mozilla has released updates to address a number of security vulnerabilities found in its Firefox and Thunderbird (including ESR) suites. Summary of vulnerability types and impact. CVE-2026-5731: Categorized as a memory safety issue. CVE-2026-5732: Categorized as a boundary condition error and integer overflow issue. CVE-2026-5733: Categorized as a boundary

