HKCERT Infosec Express — Alert and Blog Channel Major Information Security News
- SUSE Linux Kernel Multiple Vulnerabilities on October 8, 2025 at 1:00 am
  Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and security restriction bypass on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Security Restriction Bypass
  System / Technologies affected:
    - SUSE Linux Enterprise High Performance Computing 12 SP5
    - SUSE Linux Enterprise Live Patching 12-SP5
    - SUSE Linux Enterprise Live Patching 15-SP6
    - SUSE Linux Enterprise Live Patching 15-SP7
    - SUSE Linux Enterprise Real Time 15 SP6
    - SUSE Linux Enterprise Real Time 15 SP7
    - SUSE Linux Enterprise Server 12 SP5
    - SUSE Linux Enterprise Server 15 SP6
    - SUSE Linux Enterprise Server 15 SP7
    - SUSE Linux Enterprise Server for SAP Applications 12 SP5
    - SUSE Linux Enterprise Server for SAP Applications 15 SP6
    - SUSE Linux Enterprise Server for SAP Applications 15 SP7
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503465-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503468-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503469-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503470-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503472-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503473-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503475-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503476-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503479-1/
    - https://www.suse.com/support/update/announcement/2025/suse-su-202503480-1/
- Redis Products Remote Code Execution Vulnerability on October 8, 2025 at 1:00 am
  A vulnerability has been identified in Redis Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
  Note: Proof of Concept exploit code is publicly available for CVE-2025-49844. An authenticated user may use a specially…
  Impact: Remote Code Execution
  System / Technologies affected:
    - All Redis Software releases
    - All Redis OSS/CE/Stack releases with Lua scripting
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://redis.io/blog/security-advisory-cve-2025-49844/
- Samsung Products Multiple Vulnerabilities on October 8, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Samsung products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Information Disclosure, Security Restriction Bypass, Data Manipulation
  System / Technologies affected:
    - Samsung mobile devices running Android 13, 14, 15, 16
    For affected products, please refer to the link below:
    - https://security.samsungmobile.com/securityUpdate.smsb
  Solutions: Before installation of the software, please visit the vendor website for more details. Apply fixes issued by the vendor:
    - https://security.samsungmobile.com/securityUpdate.smsb
- Google Chrome Multiple Vulnerabilities on October 8, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.
  Impact: Remote Code Execution, Denial of Service
  System / Technologies affected:
    - Google Chrome prior to 141.0.7390.65 (Linux)
    - Google Chrome prior to 141.0.7390.65/.66 (Mac)
    - Google Chrome prior to 141.0.7390.65/.66 (Windows)
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 141.0.7390.65 (Linux) or later
    - Update to version 141.0.7390.65/.66 (Mac) or later
    - Update to version 141.0.7390.65/.66 (Windows) or later
- Zimbra Collaboration Suite Cross-Site Scripting Vulnerability on October 6, 2025 at 1:00 am
  A vulnerability has been identified in Zimbra Collaboration Suite. A remote attacker could exploit this vulnerability to trigger cross-site scripting on the targeted system.
  Note: CVE-2025-27915 is being exploited in the wild. A stored cross-site scripting vulnerability exists…
  Impact: Cross-Site Scripting
  System / Technologies affected:
    - Zimbra Collaboration Kepler prior to 9.0.0 P44
    - Zimbra Collaboration Daffodil prior to 10.0.13
    - Zimbra Collaboration Daffodil prior to 10.1.5
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes
    - https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes
    - https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes
- Oracle E-Business Suite Remote Code Execution Vulnerability on October 5, 2025 at 4:00 pm
  A vulnerability has been identified in Oracle E-Business Suite. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
  Note: CVE-2025-61882 is being exploited in the wild. This vulnerability allows unauthenticated attacker with network…
  Impact: Remote Code Execution
  System / Technologies affected:
    - Oracle E-Business Suite versions 12.2.3-12.2.14
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
- Jenkins Multiple Vulnerabilities on October 3, 2025 at 3:00 am
  Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, spoofing and elevation of privilege on the targeted system.
  Note: CVE-2017-1000353 is being exploited in…
  Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege
  System / Technologies affected:
    - Jenkins 2.56 and earlier
    - Jenkins LTS 2.46.1 and earlier
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://www.jenkins.io/security/advisory/2017-04-26/
- Ubuntu Linux Kernel Multiple Vulnerabilities on October 3, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Ubuntu Linux Kernel. An attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system. [Updated on 2025…
  Impact: Remote Code Execution, Denial of Service, Information Disclosure, Elevation of Privilege, Security Restriction Bypass, Data Manipulation
  System / Technologies affected:
    - Ubuntu 14.04 LTS
    - Ubuntu 16.04 LTS
    - Ubuntu 18.04 LTS
    - Ubuntu 20.04 LTS
    - Ubuntu 22.04 LTS
    - Ubuntu 24.04 LTS
    - Ubuntu 25.04
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://ubuntu.com/security/notices/USN-7774-4
    - https://ubuntu.com/security/notices/USN-7774-5
    - https://ubuntu.com/security/notices/USN-7775-3
    - https://ubuntu.com/security/notices/USN-7789-1
    - https://ubuntu.com/security/notices/USN-7790-1
    - https://ubuntu.com/security/notices/USN-7791-1
    - https://ubuntu.com/security/notices/USN-7791-2
    - https://ubuntu.com/security/notices/USN-7791-3
    - https://ubuntu.com/security/notices/USN-7792-1
    - https://ubuntu.com/security/notices/USN-7792-2
    - https://ubuntu.com/security/notices/USN-7793-1
    - https://ubuntu.com/security/notices/USN-7793-2
    - https://ubuntu.com/security/notices/USN-7793-3
    - https://ubuntu.com/security/notices/USN-7793-4
    - https://ubuntu.com/security/notices/USN-7795-1
    - https://ubuntu.com/security/notices/USN-7795-2
    - https://ubuntu.com/security/notices/USN-7796-1
    - https://ubuntu.com/security/notices/USN-7796-2
    - https://ubuntu.com/security/notices/USN-7796-3
    - https://ubuntu.com/security/notices/USN-7797-1
    - https://ubuntu.com/security/notices/USN-7797-2
    - https://ubuntu.com/security/notices/USN-7798-1
    - https://ubuntu.com/security/notices/USN-7799-1
    - https://ubuntu.com/security/notices/USN-7800-1
    - https://ubuntu.com/security/notices/USN-7801-1
    - https://ubuntu.com/security/notices/USN-7801-2
    - https://ubuntu.com/security/notices/USN-7802-1
- Microsoft Edge Multiple Vulnerabilities on October 3, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, remote code execution, denial of service condition and sensitive information disclosure on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Information Disclosure, Security Restriction Bypass
  System / Technologies affected:
    - Microsoft Edge version prior to 141.0.3537.57
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 141.0.3537.57 or later
- OpenSSL Multiple Vulnerabilities on October 2, 2025 at 1:00 am
  Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system.
  Impact: Denial of Service, Remote Code Execution, Information Disclosure
  System / Technologies affected:
    - OpenSSL version 1.0.2
    - OpenSSL version 1.1.1
    - OpenSSL version 3.0
    - OpenSSL version 3.2
    - OpenSSL version 3.3
    - OpenSSL version 3.4
    - OpenSSL version 3.5
  Solutions: Before installation of the software, please visit the software manufacturer web-site for more details.
    - For version 1.0.2, upgrade to version 1.0.2zm
    - For version 1.1.1, upgrade to version 1.1.1zd
    - For version 3.0, upgrade to version 3.0.18
    - For version 3.2, upgrade to version 3.2.6
    - For version 3.3, upgrade to version 3.3.5
    - For version 3.4, upgrade to version 3.4.3
    - For version 3.5, upgrade to version 3.5.4
- Google Chrome Multiple Vulnerabilities on October 2, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, remote code execution, denial of service condition and sensitive information disclosure on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Information Disclosure, Security Restriction Bypass
  System / Technologies affected:
    - Google Chrome prior to 141.0.7390.54 (Linux)
    - Google Chrome prior to 141.0.7390.54/55 (Mac)
    - Google Chrome prior to 141.0.7390.54/55 (Windows)
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 141.0.7390.54 (Linux) or later
    - Update to version 141.0.7390.54/55 (Mac) or later
    - Update to version 141.0.7390.54/55 (Windows) or later
- RedHat Linux Kernel Multiple Vulnerabilities on October 2, 2025 at 1:00 am
  Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. [Updated on 2025-10-06] …
  Impact: Denial of Service, Remote Code Execution, Information Disclosure, Elevation of Privilege
  System / Technologies affected:
    - Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 10.0 aarch64
    - Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 9.4 aarch64
    - Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 9.6 aarch64
    - Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
    - Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
    - Red Hat CodeReady Linux Builder for IBM z Systems – Extended Update Support 10.0 s390x
    - Red Hat CodeReady Linux Builder for IBM z Systems – Extended Update Support 9.4 s390x
    - Red Hat CodeReady Linux Builder for IBM z Systems – Extended Update Support 9.6 s390x
    - Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
    - Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
    - Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 10.0 ppc64le
    - Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 9.4 ppc64le
    - Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 9.6 ppc64le
    - Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
    - Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
    - Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 10.0 x86_64
    - Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 9.4 x86_64
    - Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 9.6 x86_64
    - Red Hat CodeReady Linux Builder for x86_64 10 x86_64
    - Red Hat CodeReady Linux Builder for x86_64 9 x86_64
    - Red Hat Enterprise Linux for ARM 64 – 4 years of updates 10.0 aarch64
    - Red Hat Enterprise Linux for ARM 64 – 4 years of updates 9.4 aarch64
    - Red Hat Enterprise Linux for ARM 64 – 4 years of updates 9.6 aarch64
    - Red Hat Enterprise Linux for ARM 64 – Extended Update Support 10.0 aarch64
    - Red Hat Enterprise Linux for ARM 64 – Extended Update Support 9.4 aarch64
    - Red Hat Enterprise Linux for ARM 64 – Extended Update Support 9.6 aarch64
    - Red Hat Enterprise Linux for ARM 64 10 aarch64
    - Red Hat Enterprise Linux for ARM 64 9 aarch64
    - Red Hat Enterprise Linux for IBM z Systems – 4 years of updates 10.0 s390x
    - Red Hat Enterprise Linux for IBM z Systems – 4 years of updates 9.4 s390x
    - Red Hat Enterprise Linux for IBM z Systems – 4 years of updates 9.6 s390x
    - Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 10.0 s390x
    - Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 9.4 s390x
    - Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 9.6 s390x
    - Red Hat Enterprise Linux for IBM z Systems 10 s390x
    - Red Hat Enterprise Linux for IBM z Systems 9 s390x
    - Red Hat Enterprise Linux for Power, little endian – 4 years of support 10.0 ppc64le
    - Red Hat Enterprise Linux for Power, little endian – Extended Update Support 10.0 ppc64le
    - Red Hat Enterprise Linux for Power, little endian – Extended Update Support 9.4 ppc64le
    - Red Hat Enterprise Linux for Power, little endian – Extended Update Support 9.6 ppc64le
    - Red Hat Enterprise Linux for Power, little endian 10 ppc64le
    - Red Hat Enterprise Linux for Power, little endian 9 ppc64le
    - Red Hat Enterprise Linux for Real Time 8 x86_64
    - Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
    - Red Hat Enterprise Linux for x86_64 – 4 years of updates 10.0 x86_64
    - Red Hat Enterprise Linux for x86_64 – Extended Update Support 10.0 x86_64
    - Red Hat Enterprise Linux for x86_64 – Extended Update Support 9.4 x86_64
    - Red Hat Enterprise Linux for x86_64 – Extended Update Support 9.6 x86_64
    - Red Hat Enterprise Linux for x86_64 – Extended Update Support Extension 8.6 x86_64
    - Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.6 x86_64
    - Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.0 x86_64
    - Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.2 x86_64
    - Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.4 x86_64
    - Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.6 x86_64
    - Red Hat Enterprise Linux for x86_64 10 x86_64
    - Red Hat Enterprise Linux for x86_64 9 x86_64
    - Red Hat Enterprise Linux Server – AUS 8.6 x86_64
    - Red Hat Enterprise Linux Server – AUS 9.4 x86_64
    - Red Hat Enterprise Linux Server – AUS 9.6 x86_64
    - Red Hat Enterprise Linux Server – TUS 8.6 x86_64
    - Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.6 ppc64le
    - Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 9.4 ppc64le
    - Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 9.6 ppc64le
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://access.redhat.com/errata/RHSA-2025:17123
    - https://access.redhat.com/errata/RHSA-2025:17124
    - https://access.redhat.com/errata/RHSA-2025:17192
    - https://access.redhat.com/errata/RHSA-2025:17241
    - https://access.redhat.com/errata/RHSA-2025:17377
    - https://access.redhat.com/errata/RHSA-2025:17396
    - https://access.redhat.com/errata/RHSA-2025:17398
- Mozilla Products Multiple Vulnerabilities on October 2, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.
  Impact: Information Disclosure, Remote Code Execution
  System / Technologies affected: Versions prior to:
    - Firefox for iOS 143.1
    - Firefox 143.0.3
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - Firefox for iOS 143.1
    - Firefox 143.0.3
- Apple Products Denial of Service Vulnerability on September 30, 2025 at 1:00 am
  A vulnerability has been identified in Apple Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and data manipulation on the targeted system.
  Impact: Denial of Service, Data Manipulation
  System / Technologies affected:
    - Versions prior to iOS 18.7.1 and iPadOS 18.7.1
    - Versions prior to iOS 26.0.1 and iPadOS 26.0.1
    - Versions prior to macOS Sonoma 14.8.1
    - Versions prior to macOS Sequoia 15.7.1
    - Versions prior to macOS Tahoe 26.0.1
    - Versions prior to visionOS 26.0.1
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - iOS 18.7.1 and iPadOS 18.7.1
    - iOS 26.0.1 and iPadOS 26.0.1
    - macOS Sonoma 14.8.1
    - macOS Sequoia 15.7.1
    - macOS Tahoe 26.0.1
    - visionOS 26.0.1
- Microsoft Edge Multiple Vulnerabilities on September 29, 2025 at 1:00 am
  Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Information Disclosure
  System / Technologies affected:
    - Microsoft Edge version prior to 140.0.3485.94
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 140.0.3485.94 or later
- GitLab Multiple Vulnerabilities on September 29, 2025 at 1:00 am
  Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, sensitive information disclosure and cross-site scripting on the targeted system.
  Impact: Denial of Service, Information Disclosure, Elevation of Privilege, Cross-Site Scripting
  System / Technologies affected:
    - GitLab Community Edition (CE) versions prior to 18.4.1, 18.3.3 and 18.2.7
    - GitLab Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3 and 18.2.7
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/
- SolarWinds Web Help Desk Remote Code Execution Vulnerability on September 25, 2025 at 3:00 am
  A vulnerability was identified in SolarWinds Web Help Desk. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
  Impact: Remote Code Execution
  System / Technologies affected:
    - SolarWinds Web Help Desk 12.8.7 and all previous versions
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to SolarWinds Web Help Desk version 12.8.7 HF1 or later
- Google Chrome Multiple Vulnerabilities on September 25, 2025 at 3:00 am
  Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and information disclosure on the targeted system.
  Impact: Remote Code Execution, Denial of Service, Information Disclosure
  System / Technologies affected:
    - Google Chrome prior to 140.0.7339.207 (Linux)
    - Google Chrome prior to 140.0.7339.207/.208 (Mac)
    - Google Chrome prior to 140.0.7339.207/.208 (Windows)
    - Google Chrome prior to 140.0.7339.207 (Android)
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 140.0.7339.207 (Linux) or later
    - Update to version 140.0.7339.207/.208 (Mac) or later
    - Update to version 140.0.7339.207/.208 (Windows) or later
    - Update to version 140.0.7339.207 (Android) or later
- Cisco Products Multiple Vulnerabilities on September 25, 2025 at 3:00 am
  Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, security restriction bypass, remote code execution and sensitive information disclosure on the targeted system.
  Note: CVE-…
  Impact: Denial of Service, Security Restriction Bypass, Remote Code Execution, Cross-Site Scripting, Information Disclosure
  System / Technologies affected:
    - Cisco Secure Firewall Adaptive Security Appliance (ASA)
    - Cisco Secure Firewall Threat Defense (FTD)
    - Cisco IOS
    - Cisco IOS XE
    For affected versions, please refer to the link issued by the vendor:
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-9800cl-openscep-SB4xtxzP
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-acl-L4K7VXgD
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-cli-EB7cZ6yO
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvC
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOU
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
  Solutions: Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-9800cl-openscep-SB4xtxzP
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-acl-L4K7VXgD
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-cli-EB7cZ6yO
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvC
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOU
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
- Microsoft Edge Multiple Vulnerabilities on September 22, 2025 at 3:00 am
  Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and information disclosure on the targeted system.
  Note: CVE-2025-10585 is being exploited in the wild. …
  Impact: Remote Code Execution, Denial of Service, Information Disclosure
  System / Technologies affected:
    - Microsoft Edge version prior to 140.0.3485.81
  Solutions: Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor:
    - Update to version 140.0.3485.81 or later