It is Patch Tuesday, which implies a lot of software program distributors have launched patches for varied safety vulnerabilities impacting their services and products.
Microsoft issued fixes for 59 flaws, together with six actively exploited zero-days in varied Home windows parts that might be abused to bypass security measures, escalate privileges, and set off a denial-of-service (DoS) situation.
Elsewhere, Adobe launched updates for Audition, After Results, InDesign Desktop, Substance 3D, Bridge, Lightroom Basic, and DNG SDK. The corporate mentioned it isn’t conscious of in-the-wild exploitation of any of the shortcomings.
SAP shipped fixes for 2 critical-severity vulnerabilities, together with a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS rating: 9.9) that an authenticated attacker might use to run an arbitrary SQL assertion and result in a full database compromise.
The second important vulnerability is a case of a lacking authorization test in SAP NetWeaver Software Server ABAP and ABAP Platform (CVE-2026-0509, CVSS rating: 9.6) that would allow an authenticated, low-privileged person to carry out sure background Distant Perform Calls with out the required S_RFC authorization.
“To patch the vulnerability, clients should implement a kernel replace and set a profile parameter,” Onapsis mentioned. “Changes in person roles and UCON settings is perhaps required to not interrupt enterprise processes.”
Rounding off the checklist, Intel and Google mentioned they teamed as much as study the safety of Intel Belief Area Extensions (TDX) 1.5, uncovering 5 vulnerabilities within the module (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467), and almost three dozen weaknesses, bugs, and enchancment options.
“Intel TDX 1.5 introduces new options and performance that deliver confidential computing considerably nearer to function parity with conventional virtualization options,” Google mentioned. “On the identical time, these options have elevated the complexity of a extremely privileged software program part within the TCB [Trusted Computing Base].”
Software program Patches from Different Distributors
Safety updates have additionally been launched by different distributors in current weeks to rectify a number of vulnerabilities, together with —
- ABB
- Amazon Internet Providers
- AMD
- AMI
- Apple
- ASUS
- AutomationDirect
- AVEVA
- Broadcom (together with VMware)
- Canon
- Verify Level
- Cisco
- Citrix
- Commvault
- ConnectWise
- D-Hyperlink
- Dassault Systèmes
- Dell
- Devolutions
- dormakaba
- Drupal
- F5
- Fortinet
- Foxit Software program
- FUJIFILM
- Fujitsu
- Gigabyte
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Grafana
- Hikvision
- Hitachi Power
- HP
- HP Enterprise (together with Aruba Networking and Juniper Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Purple Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electrical
- MongoDB
- Moxa
- Mozilla Firefox and Thunderbird
- n8n
- NVIDIA
- Phoenix Contact
- QNAP
- Qualcomm
- Ricoh
- Rockwell Automation
- Samsung
- Schneider Electrical
- ServiceNow
- Siemens
- SolarWinds
- Splunk
- Spring Framework
- Supermicro
- Synology
- TP-Hyperlink
- WatchGuard
- Zoho ManageEngine
- Zoom, and
- Zyxel
