It is Patch Tuesday, which suggests various software program distributors have launched patches for numerous security vulnerabilities impacting their services.
Microsoft issued fixes for 59 flaws, together with six actively exploited zero-days in numerous Home windows parts that might be abused to bypass security options, escalate privileges, and set off a denial-of-service (DoS) situation.
Elsewhere, Adobe launched updates for Audition, After Results, InDesign Desktop, Substance 3D, Bridge, Lightroom Traditional, and DNG SDK. The corporate stated it isn’t conscious of in-the-wild exploitation of any of the shortcomings.
SAP shipped fixes for 2 critical-severity vulnerabilities, together with a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS rating: 9.9) that an authenticated attacker might use to run an arbitrary SQL assertion and result in a full database compromise.
The second crucial vulnerability is a case of a lacking authorization examine in SAP NetWeaver Software Server ABAP and ABAP Platform (CVE-2026-0509, CVSS rating: 9.6) that might allow an authenticated, low-privileged person to carry out sure background Distant Operate Calls with out the required S_RFC authorization.
“To patch the vulnerability, prospects should implement a kernel replace and set a profile parameter,” Onapsis stated. “Changes in person roles and UCON settings may be required to not interrupt enterprise processes.”
Rounding off the checklist, Intel and Google stated they teamed as much as study the security of Intel Belief Area Extensions (TDX) 1.5, uncovering 5 vulnerabilities within the module (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467), and almost three dozen weaknesses, bugs, and enchancment recommendations.
“Intel TDX 1.5 introduces new options and performance that convey confidential computing considerably nearer to characteristic parity with conventional virtualization options,” Google stated. “On the identical time, these options have elevated the complexity of a extremely privileged software program part within the TCB [Trusted Computing Base].”
Software program Patches from Different Distributors
Safety updates have additionally been launched by different distributors in current weeks to rectify a number of vulnerabilities, together with —
- ABB
- Amazon Net Providers
- AMD
- AMI
- Apple
- ASUS
- AutomationDirect
- AVEVA
- Broadcom (together with VMware)
- Canon
- Verify Level
- Cisco
- Citrix
- Commvault
- ConnectWise
- D-Hyperlink
- Dassault Systèmes
- Dell
- Devolutions
- dormakaba
- Drupal
- F5
- Fortinet
- Foxit Software program
- FUJIFILM
- Fujitsu
- Gigabyte
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Grafana
- Hikvision
- Hitachi Power
- HP
- HP Enterprise (together with Aruba Networking and Juniper Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Purple Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electrical
- MongoDB
- Moxa
- Mozilla Firefox and Thunderbird
- n8n
- NVIDIA
- Phoenix Contact
- QNAP
- Qualcomm
- Ricoh
- Rockwell Automation
- Samsung
- Schneider Electrical
- ServiceNow
- Siemens
- SolarWinds
- Splunk
- Spring Framework
- Supermicro
- Synology
- TP-Hyperlink
- WatchGuard
- Zoho ManageEngine
- Zoom, and
- Zyxel
