Warning: Multiple high severity vulnerabilities in #GitLab <18.6.2 including #CVE-2025-12716, CVSS 8.7. #Patch #Patch #Patch More info in our advisory:

Warning: Improper Input Validation vulnerability in #TeamViewer DEX Client affecting users with Content Distribution Service enabled. #CVE-2025-44016 CVSS: 8.8. The high-severity flaw can lead to #ArbitraryCodeExecution! #Patch #Patch #Patch More info:  https://t.co/5kiP7VDNki

Warning: Critical Cross-Site Scripting #XSS in @Adobe Experience Manager. #CVE-2025-64538 CVSS: 9.3. A remote threat actor can inject malicious scripts in web pages. For details see our advisory https://t.co/CuvBq7RMrT. Please update to version 6.5.24 or later #Patch #Patch

Warning: Critical Absolute Path Traversal in #Barracuda Service Center #RMM. #CVE-2025-34392 CVSS: 10.0. Remote attacker without authenticatiom or user interaction can exploit this vulnerability to write files and upload webshells, can lead to #RCE https://t.co/LXQbggYnZ3 #Patch

Warning: Critical File Download vulnerability in #ConnectWise #ScreenConnect <25.8. #CVE-2025-14265 CVSS: 9.1. An authorized user can install untrusted extensions on the ScreenConnect server! #Patch #Patch #Patch More info:  https://t.co/6hkZriTA7Y

Warning: Unauthenticated XXE vulnerability in #GeoServer. #CVE-2025-58360 CVSS: 8.2. This now #ActivelyExploited flaw allows remote file reading and SSRF! #Patch #Patch #Patch More info:  https://t.co/VI3YUBic5V

Warning: High Path Traversal in PutContents #API in #Gogs. CVE-2025-8110 CVSS: 8.7. This actively exploited #0Day can lead to local execution of code! Low privilege remote attackers can bypass security controls and achieve full system compromise. https://t.co/07QSaGplbm #Patch

Warning: #Ivanti security updates for multiple vulnerabilities, #CVE-2025-10573 #CVE-2025-13659 #CVE-2025-13661 #CVE-2025-13662, in Endpoint Manager (EPM). Exploitation of these vulnerabilities can lead to remote code execution #RCE! https://t.co/sBPwsWG2Dl #Patch #Patch #Patch

Warning: #SAP security updates for critical vulnerabilities: #CVE-2025-42880, code injection vulnerability in SAP Solution Manager and #CVE-2025-42928 affects SAP jConnect that allows remote code execution #RCE! More information here: https://t.co/RURNKBjlNI #Patch #Patch #Patch

Warning: #FreePBX addresses an authentication bypass vulnerability, #CVE-2025-66039, in FreePBX Endpoint Manager, which allow unauthenticated logins to administrator control panel. More information can be found here: https://t.co/KhetDV0KDo #Patch #Patch #Patch

Warning: Two critical vulnerabilities, #CVE-2025-59718 & #CVE-2025-59719, affecting multiple #Fortinet products. Exploitation could allow an unauthenticated attacker to bypass FortiCloud SSO authentication! Our advisory is here: https://t.co/dmuWkJpBUM #Patch #Patch #Patch

#Microsoft has released security patches for 56 vulnerabilities. 3 vulnerabilities were identified as critical, and 53 are classified as Important. 3 are 0-day vulnerabilities and 1 is actively exploited. Patches are available via Patch Tuesday. Time to #patch #patch #patch

Warning: New score for XXE Injection in #ApacheTika #CVE-2025-54988 now Critical with CVSS: 9.8. PDF XFA parser enables data exfiltration via crafted files. #patch #patch #patch

Warning: Critical #RCE in #n8n! #CVE-2025-65964 CVSS: 9.4. Git node lets attackers abuse core.hooksPath for arbitrary command execution on the host! Patch to 1.119.2+. Our advisory: https://t.co/S742FaeYWA #Patch #Patch #Patch

Warning: 11 vulnerabilities were patched in #Advantech WISE-DeviceOnServer. The most critical CVE, #CVE-2025-34256 (CVSSv3 9.8), allows remote attackers to forge authentication tokens, enabling unauthorised access or session manipulation.#Path Patch #Patch

Warning: A critical vulnerability, #CVE-2025-66570 (CVSSv3 10.0), was patched in #cpp-httplib. The vulnerability can lead to unauthorised access to protected resources. Time to #Patch #Patch #Patch

Warning: #Apache released a fix for #CVE-2025-58098 (CVSSv3 8.3), a vulnerability in Apache HTTP Server when Server Side Includes (SSI) and mod_cgid are enabled. The vulnerability can lead to data disclosure or data tampering. #Patch #Patch #Patch

Warning: Critical XXE vulnerability in #Apache Tika. CVE-2025-66516 CVSS:10.0. This vulnerability expands the scope of CVE-2025-54988. A previous upgrade of one module could mean you are still vulnerable. #Patch #Patch #Patch

Warning: 3 critical vulnerabilities in #JFrog #PickleScan including CVE-2025-10157 CVSS: 9.3. This vulnerability can lead to remote code execution. #RCE! #Patch #Patch #Patch

Warning: Command injection vulnerability in #ArrayNetworks AG Series. No CVE identifier assigned yet. This vulnerability has been actively exploited since August 2025 for remote code execution. Read their alert: https://t.co/Xw9HMnEDBE  #RCE! #Patch #Patch #Patch