Security Advisories

Showing 90 advisories

Google Chrome security advisory (AV26-060)

Serial number: AV26-060Date: January 28, 2026 On January 27, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 144.0.7559.109/.110 (Windows/Mac) and 144.0.7559.109 (Linux) The Cyber Centre encourages

Jan 28, 2026

Canada

CCCSCritical

Fortinet security advisory (AV26-059) – Update 1

Serial number: AV26-059Date: January 27, 2026Updated: January 28, 2026 On January 27, 2026, Fortinet published a security advisory to address a critical vulnerability in the following products: FortiAnalyzer 7.6 – versions 7.6.0 to 7.6.5 FortiAnalyzer 7.4 – versions 7.4.0 to 7.4.9 FortiAnalyzer 7.2

Jan 28, 2026

Canada

HKCERTLow

Aruba Product Multiple Vulnerabilities

Multiple vulnerabilities were identified in Aruba Product. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation and remote code execution on the targeted system. Impact Remote Code Execution Data Manipulatio

Jan 28, 2026

Hong Kong

HKCERTHigh

Fortinet Products Security Restriction Bypass Vulnerability

A vulnerability has been identified in Fortinet Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: CVE-2026-24858 is being exploited in the wild. An Authentication Bypass Using an Alternate Path or Channel... Impact Secur

Jan 28, 2026

Hong Kong

HKCERTCritical

Google Chrome Remote Code Execution Vulnerability

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected Google Chrome prior to 144.0.7559

Jan 28, 2026

Hong Kong

HKCERTLow

TP-Link Router Multiple Vulnerabilities

Multiple vulnerabilities were identified in TP-Link Router. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected TL-WR841N v

Jan 28, 2026

Hong Kong

CCCSLow

OpenSSL security advisory (AV26-058)

Serial number: AV26-058Date: January 27, 2026 On January 27, 2026, OpenSSL published security advisories to address vulnerabilities in multiple products. Included were updates for the following products: OpenSSL – versions 3.6.0 to versions prior to 3.6.1 OpenSSL – versions 3.5.0 to versions prior t

Jan 27, 2026

Canada

CCCSCritical

Microsoft security advisory – January 2026 monthly rollup (AV26-024) – Update 1

Serial number: AV26-024Date: January 13, 2026Updated: January 27, 2026 On January 13, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products: Azure Connected Machine Agent Azure Core shared client libra

Jan 27, 2026

Canada

CCCSCritical

SmarterTools security advisory (AV25-866) – Update 1

Serial number: AV25-866Date: December 30, 2025Updated: January 27, 2026 On October 9, 2025, SmarterTools published a security update to address a critical vulnerability in the following product: SmarterMail – version Build 9406 and prior Users and administrators of affected product versions are advi

Jan 27, 2026

Canada

CCCSCritical

GNU security advisory (AV26-047) – Update 1

Serial number: AV26-047Date: January 21, 2026Updated: January 26, 2026 On January 21, 2026, GNU published a security advisory to address a vulnerability in the following product. Included was a critical update for the following: GNU InetUtils – versions 1.9.3 to 2.7 Update 1 On January 26, 2026, Cyb

Jan 27, 2026

Canada

CISACritical

Johnson Controls Products

View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Products are affected: Application and Data Server (ADS) (CVE-2025-26385) Extended Application and Data Server (ADX)

Jan 27, 2026

United States

CISAHigh

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-24858 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability This type of vulnerability is a frequent attack vector

Jan 27, 2026

United States

CISACritical

Festo Didactic SE MES PC

View CSAF Summary MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newe

Jan 27, 2026

United States

CISACritical

iba Systems ibaPDA

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. The following versions of iba Systems ibaPDA are affected: ibaPDA (CVE-2025-14988) CVSS Vendor Equipment Vulnerabilities v3 9.8 iba Systems iba Systems ibaPDA I

Jan 27, 2026

United States

CISACritical

Schneider Electric Zigbee Products

View CSAF Summary Schneider Electric is aware of multiple vulnerabilities with EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following have denial of service vulnerabilities: Wiser iTRV, Wiser RTR, Wiser UFH,

Jan 27, 2026

United States

HKCERTLow

Microsoft Office Security Restriction Bypass Vulnerability

A vulnerability was identified in Microsoft Office. An attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: CVE-2026-21509 is being exploited in the wild. Reliance on untrusted inputs in a security decision in Microsoft Office... Impact Secur

Jan 27, 2026

Hong Kong

CCCSLow

Microsoft Edge security advisory (AV26-057)

Serial number: AV26-057Date: January 26, 2026 On January 23, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 144.0.3719.92 The Cyber Centre encourages users and administrators to review the provided we

Jan 26, 2026

Canada

CCCSLow

[Control systems] B&R security advisory (AV26-056)

Serial number: AV26-056Date: January 26, 2026 On January 19, 2026, B&R published ICS advisories to address vulnerabilities in the following products: Automation Runtime 6 versions – versions prior to 6.5 Automation Runtime 4 versions – versions prior to R4.93 Automation Studio – versions prior to 6.

Jan 26, 2026

Canada

CCCSLow

[Control systems] ABB security advisory (AV26-055)

Serial number: AV26-055Date: January 26, 2026 On January 23, 2026, ABB published a security advisory to address a vulnerability in the following products: ABB 800xA Base – version 6.0.3-9 and prior ABB 800xA Base – version 6.1.1-2 and prior The Cyber Centre encourages users and administrators to rev

Jan 26, 2026

Canada

CCCS

VMware security advisory (AV26-054)

Serial number: AV26-054Date: January 26, 2026 Between January 19 and 25, 2026, VMware published security advisories to address vulnerabilities in multiple Tanzu products. AI Services for VMware Tanzu Platform – versions prior to 10.3.3 Elastic Application Runtime for VMware Tanzu Platform – versions

Jan 26, 2026

Canada

CCCSLow

Red Hat security advisory (AV26-053)

Serial number: AV26-053Date: January 26, 2026 Between January 19 and 25, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products: Red Hat CodeReady Linux Builder – mul

Jan 26, 2026

Canada

CCCSLow

HPE security advisory (AV26-052)

Serial number: AV26-052Date: January 26, 2026 On January 23, 2026, HPE published a security advisory to address vulnerabilities in the following product: HPE Telco Universal SLA Management – version 4.6 and prior The Cyber Centre encourages users and administrators to review the provided web links a

Jan 26, 2026

Canada

CCCSLow

[Control systems] CISA ICS security advisories (AV26–051)

Serial number: AV26–051Date: January 26, 2026 Between January 19 and 25, 2026, CISA published ICS advisories to address vulnerabilities in the following products: AutomationDirect CLICK Programmable Logic Controller – version C0-0x AutomationDirect CLICK Programmable Logic Controller – version C0-1x

Jan 26, 2026

Canada

CCCSHigh

AL25-019 - Vulnerabilities impacting Fortinet products - FortiCloud SSO Login Authentication Bypass - CVE-2025-59718 and CVE-2025-59719 - Update 1

Number: AL25-019Date: December 15, 2025Updated: January 26, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and miti

Jan 26, 2026

Canada

CCCSCritical

IBM security advisory (AV26-050)

Serial number: AV26-050Date: January 26, 2026 Between January 19 and 25, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: IBM Big SQL on IBM Cloud Pak for Data – multiple versions IBM Concert Software – version

Jan 26, 2026

Canada

HKCERTMedium

Microsoft Edge Denial of Service Vulnerability

A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Impact Denial of Service System / Technologies affected Microsoft Edge version prior to 144.0.3719.92 Solutions Before installation of t

Jan 26, 2026

Hong Kong

CISALow

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability CVE

Jan 26, 2026

United States

HKCERTCritical

VMWare Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system. Note: CVE-2024-37079 is actively exploited in the wild. A malicious actor with... Impact Remo

Jan 26, 2026

Hong Kong

CCCSCritical

Oracle security advisory – January 2026 quarterly rollup (AV26-042) – Update 1

Serial number: AV26-042Date: January 21, 2026Updated: January 23, 2026 On January 20, 2026, Oracle published a security advisory to address vulnerabilities in multiple products. Update 1 On January 21, 2026, a proof of concept (PoC) for the vulnerability CVE-2026-21962 became publicly available. CVE

Jan 23, 2026

Canada

CISACritical

Product Categories for Technologies That Use Post-Quantum Cryptography Standards

Executive Summary In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and regularly upd

Jan 23, 2026

United States

CISA

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-37079 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and p

Jan 23, 2026

United States

CCCSLow

ISC BIND security advisory (AV26-049)

Serial number: AV26-049Date: January 22, 2026 On January 21, 2026, ISC published a security advisory to address a vulnerability in the following products: ISC BIND 9 – versions 9.18.40 to 9.18.43 ISC BIND 9 – versions 9.20.13 to 9.20.17 ISC BIND 9 – versions 9.21.12 to 9.21.16 BIND Supported Preview

Jan 22, 2026

Canada

CCCSCritical

AL26-002 -Vulnerability affecting GNU Inetutils Telnetd - CVE-2026-24061

Number: AL26-002Date: January 22, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipient

Jan 22, 2026

Canada

CISACritical

Delta Electronics DIAView

View CSAF Summary Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code. The following versions of Delta Electronics DIAView are affected: DIAView (CVE-2026-0975) CVSS Vendor Equipment Vulnerabilities v3 7.8 Delta Electronics Delta Electronics DIAView Impro

Jan 22, 2026

United States

CISACritical

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool. The following versions of Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool are affected: iSTAR Configuration Utility

Jan 22, 2026

United States

CISACritical

Weintek cMT X Series HMI EasyWeb Service

View CSAF Summary Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device. The following versions of Weintek cMT X Series HMI EasyWeb Service are affected: cMT3072XH (CVE-2025-14750, CVE-2025-14751) cMT3072XH(T) (CVE-2025-

Jan 22, 2026

United States

CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability CVE-2025-54313 Prettier eslint-

Jan 22, 2026

United States

CISACritical

Rockwell Automation CompactLogix 5370

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix 5370 are affected: CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2025-11743) CompactLogix 5370 (CVE-2

Jan 22, 2026

United States

CISACritical

EVMAPA

View CSAF Summary Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. The following versions of EVMAPA are affected: EVMAPA (CVE-20

Jan 22, 2026

United States

CISACritical

Hubitat Elevation Hubs

View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope. The following versions of Hubitat Elevation Hubs are affected: Elevation C3 (CVE-2026-1201) Elevation C4 (CVE-2026

Jan 22, 2026

United States

CISACritical

AutomationDirect CLICK Programmable Logic Controller

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to impersonate users, escalate privileges, gain unauthorized access to systems and services, and decrypt sensitive data. The following versions of AutomationDirect CLICK Programmable Logic Controller are affec

Jan 22, 2026

United States

CISACritical

Schneider Electric EcoStruxure Process Expert

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxureTM Process and EcoStruxure™ Process Expert for AVEVA System Platform products. The EcoStruxureTM Process is a single automation system to engineer, operate, and maintain your entire infrastructure for a sustainable, p

Jan 22, 2026

United States

HKCERTCritical

Cisco Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, remote code execution and elevation of privilege on the targeted system. Note: CVE-2026-20045 is... Impact Denial of

Jan 22, 2026

Hong Kong

HKCERTMedium

GitLab Multiple Vulnerabilities

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass System / Technologies affected GitLab

Jan 22, 2026

Hong Kong

CERT-FR

Recommandations à destination des acteurs du secteur de l’énergie et de l’eau (22 janvier 2026)

**Objet** : Recommandations de sécurisation des systèmes d’information à destination des producteurs, des intégrateurs et des installateurs des systèmes de production industriels du secteur de l’énergie et de l’eau en France. **Annexe** : Liens et références Depuis plusieurs mois, l’Agence...

Google Chrome security advisory (AV26-060)

Fortinet security advisory (AV26-059) – Update 1

Aruba Product Multiple Vulnerabilities

Fortinet Products Security Restriction Bypass Vulnerability

Google Chrome Remote Code Execution Vulnerability

TP-Link Router Multiple Vulnerabilities

OpenSSL security advisory (AV26-058)

Microsoft security advisory – January 2026 monthly rollup (AV26-024) – Update 1

SmarterTools security advisory (AV25-866) – Update 1

GNU security advisory (AV26-047) – Update 1

Johnson Controls Products

CISA Adds One Known Exploited Vulnerability to Catalog

Festo Didactic SE MES PC

iba Systems ibaPDA

Schneider Electric Zigbee Products

Microsoft Office Security Restriction Bypass Vulnerability

Microsoft Edge security advisory (AV26-057)

[Control systems] B&R security advisory (AV26-056)

[Control systems] ABB security advisory (AV26-055)

VMware security advisory (AV26-054)

Red Hat security advisory (AV26-053)

HPE security advisory (AV26-052)

[Control systems] CISA ICS security advisories (AV26–051)

AL25-019 - Vulnerabilities impacting Fortinet products - FortiCloud SSO Login Authentication Bypass - CVE-2025-59718 and CVE-2025-59719 - Update 1

IBM security advisory (AV26-050)

Microsoft Edge Denial of Service Vulnerability

CISA Adds Five Known Exploited Vulnerabilities to Catalog

VMWare Products Multiple Vulnerabilities

Oracle security advisory – January 2026 quarterly rollup (AV26-042) – Update 1

Product Categories for Technologies That Use Post-Quantum Cryptography Standards

CISA Adds One Known Exploited Vulnerability to Catalog

ISC BIND security advisory (AV26-049)

AL26-002 -Vulnerability affecting GNU Inetutils Telnetd - CVE-2026-24061

Delta Electronics DIAView

Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool

Weintek cMT X Series HMI EasyWeb Service

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Rockwell Automation CompactLogix 5370

EVMAPA

Hubitat Elevation Hubs

AutomationDirect CLICK Programmable Logic Controller

Schneider Electric EcoStruxure Process Expert

Cisco Products Multiple Vulnerabilities

GitLab Multiple Vulnerabilities

Recommandations à destination des acteurs du secteur de l’énergie et de l’eau (22 janvier 2026)

Vulnérabilité dans les produits Cisco (22 janvier 2026)

Vulnérabilité dans Ceph (22 janvier 2026)

Vulnérabilité dans Python (22 janvier 2026)

Multiples vulnérabilités dans les produits Symantec (22 janvier 2026)

Cisco security advisory (AV26-048)

HPE security advisory (AV26-046)

CISA Adds One Known Exploited Vulnerability to Catalog

Zoom Products Remote Code Execution Vulnerability

Google Chrome Denial Of Service Vulnerability

Oracle Products Multiple Vulnerabilities

Vulnérabilité dans telnetd (21 janvier 2026)

Multiples vulnérabilités dans Oracle MySQL (21 janvier 2026)

Multiples vulnérabilités dans Oracle Java SE (21 janvier 2026)

Multiples vulnérabilités dans Oracle PeopleSoft (21 janvier 2026)

Multiples vulnérabilités dans Python (21 janvier 2026)

Multiples vulnérabilités dans Oracle Database Server (21 janvier 2026)

Multiples vulnérabilités dans les produits Atlassian (21 janvier 2026)

Multiples vulnérabilités dans Oracle Weblogic (21 janvier 2026)

Multiples vulnérabilités dans Oracle Virtualization (21 janvier 2026)

Vulnérabilité dans Google Chrome (21 janvier 2026)

Multiples vulnérabilités dans GitLab (21 janvier 2026)

Multiples vulnérabilités dans Oracle Systems (21 janvier 2026)

Schneider Electric EcoStruxure Foxboro DCS

Rockwell Automation Verve Asset Manager

Microsoft Edge Multiple Vulnerabilities

Vulnérabilité Microsoft Power Apps (19 janvier 2026)

Juniper Junos OS Multiple Vulnerabilities

Aruba Products Multiple Vulnerabilities

Mozilla Products Multiple Vulnerabilities

Palo Alto PAN-OS Denial Of Service Vulnerability

Adobe Monthly Security Update (January 2026)

Fortinet Products Remote Code Execution Vulnerabilities

Google Chrome Multiple Vulnerabilities

Multiples vulnérabilités dans Synacor Zimbra Collaboration (06 novembre 2025)