HKCERT Infosec Express

Multiple vulnerabilities were identified in Trend Micro Apex One. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and elevation of privilege on the targeted system.   Impact Elevation of Privilege Remote Code Execution System / Technologies affected Trend Micro Apex One – 2019 (On-prem) Trend Micro Apex One as a Service (SaaS) Trend Vision One Endpoint – Standard Endpoint Protection (SaaS) Solutions Before installation of the software, please visit the vendor web-site for more details.   Apply fixes issued by the vendor: https://success.trendmicro.com/en-US/solution/KA-0022458

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, data manipulation and sensitive information disclosure on the targeted system. Impact Security Restriction Bypass Information Disclosure Data Manipulation System / Technologies affected Microsoft Edge version prior to 145.0.3800.82 Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 145.0.3800.82 or later

A vulnerability has been identified in Juniper Junos OS. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected Junos OS Evolved on PTX Series 25.4 versions before 25.4R1-S1-EVO Junos OS Evolved on PTX Series 25.4 versions before 25.4R2-EVO Please refer to the link below for detail: https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902 Solutions Before installation of the software, please visit the vendor web-site for more details.   https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, remote code execution and elevation of privilege on the targeted system. Impact Denial of Service Elevation of Privilege Remote Code Execution Cross-Site Scripting System / Technologies affected Cisco FXOS Software Cisco NX-OS Software Cisco UCS Manager Software For affected versions, please refer to the link issued by the vendor: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q   Solutions Before installation of the software, please visit the vendor web-site for more details.   Apply fixes issued by the vendor: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

Multiple vulnerabilities were identified in VMware products.  A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, cross-site scripting and remote code execution on the targeted system.   Impact Cross-Site Scripting Remote Code Execution Elevation of Privilege System / Technologies affected VMware Aria Operations 8.x VMware Cloud Foundation 4.x, 5.x, 9.x.x.x VMware Telco Cloud Platform 4.x, 5.x VMware Telco Cloud Infrastructure 2.x, 3.x VMware vSphere Foundation 9.x.x.x Solutions Before installation of the software, please visit the vendor web-site for more details.   Apply fixes issued by the vendor: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

Multiple vulnerabilities were identified in Valkey Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass System / Technologies affected Versions prior to:   Valkey 9.0.3 Valkey 8.1.6 Valkey 8.0.7 Valkey 7.2.12 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:   Valkey 9.0.3 Valkey 8.1.6 Valkey 8.0.7 Valkey 7.2.12

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, spoofing and sensitive information disclosure on the targeted system. Impact Denial of Service Remote Code Execution Elevation of Privilege Security Restriction Bypass Information Disclosure Spoofing System / Technologies affected Versions prior to:   Firefox 148 Firefox ESR 115.33 Firefox ESR 140.8 Thunderbird 140.8 Thunderbird 148 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:   Firefox 148 Firefox ESR 115.33 Firefox ESR 140.8 Thunderbird 140.8 Thunderbird 148

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, data manipulation and sensitive information disclosure on the targeted system. Impact Information Disclosure Data Manipulation Security Restriction Bypass System / Technologies affected Google Chrome prior to 144.0.7559.116 (Linux) Google Chrome prior to 145.0.7632.116/117 (Mac) Google Chrome prior to 145.0.7632.116/117 (Windows) Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 144.0.7559.116 (Linux) or later Update to version 145.0.7632.116/117 (Mac) or later Update to version 145.0.7632.116/117 (Windows) or later

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system. Impact Remote Code Execution Information Disclosure Denial of Service System / Technologies affected Microsoft Edge version prior to 145.0.3800.70 Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 145.0.3800.70 or later

A vulnerability was identified in Microsoft Teams. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system. Impact Information Disclosure System / Technologies affected Microsoft Teams Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes or mitigations issued by the vendor: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system. Impact Remote Code Execution Information Disclosure Denial of Service System / Technologies affected Google Chrome prior to 144.0.7559.109 (Linux) Google Chrome prior to 145.0.7632.109/110 (Mac) Google Chrome prior to 145.0.7632.109/110 (Windows) Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 144.0.7559.109 (Linux) or later Update to version 145.0.7632.109/110 (Mac) or later Update to version 145.0.7632.109/110 (Windows) or later

A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected Versions prior to:   Firefox 147.0.4 Firefox ESR 115.32.1 Firefox ESR 140.7.1 Thunderbird 140.7.2 Thunderbird 147.0.2 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:   Firefox 147.0.4 Firefox ESR 115.32.1 Firefox ESR 140.7.1 Thunderbird 140.7.2 Thunderbird 147.0.2

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, denial of service condition, security restriction bypass and remote code execution on the targeted system.   Note: CVE-2026-2441 is being… Impact Denial of Service Remote Code Execution Information Disclosure Security Restriction Bypass System / Technologies affected Microsoft Edge version prior to 145.0.3800.58 Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 145.0.3800.58 or later

A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Impact Denial of Service System / Technologies affected BIG-IP AFM and DDoS Hybrid Defender   17.5.1.4     Solutions Before installation of the software, please visit the vendor web-site for more details.   Apply fixes issued by the vendor: https://my.f5.com/manage/s/article/K000160003

A vulnerability has been identified in Apache Tomcat. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Impact Security Restriction Bypass System / Technologies affected Apache Tomcat version 9.0.83 to 9.0.114 Apache Tomcat version 10.1.0-M7 to 10.1.51 Apache Tomcat version 11.0.0-M1 to 11.0.17 Solutions Before installation of the software, please visit the vendor web-site for more details.   Apply fixes issued by the vendor: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18

Multiple vulnerabilities were identified in PostgreSQL. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. Impact Remote Code Execution Information Disclosure Elevation of Privilege System / Technologies affected PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Solutions Before installation of the software, please visit the software vendor web-site for more details.   The vendor has issued fixes: Update to PostgreSQL version 18.2 Update to PostgreSQL version 17.8 Update to PostgreSQL version 16.12 Update to PostgreSQL version 15.16 Update to PostgreSQL version 14.21

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.   Note:  CVE-2026-2441 is being exploited in the wild. A remote attacker could exploit this vulnerability to execute arbitrary… Impact Remote Code Execution System / Technologies affected Google Chrome prior to 144.0.7559.75 (Linux) Google Chrome prior to 145.0.7632.75/76 (Mac) Google Chrome prior to 145.0.7632.75/76 (Windows) Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 144.0.7559.75 (Linux) or later Update to version 145.0.7632.75/76 (Mac) or later Update to version 145.0.7632.75/76 (Windows) or later

Multiple vulnerabilities were identified in MongoDB. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system. Impact Denial of Service Information Disclosure System / Technologies affected MongoDB 7.0 versions prior to 7.0.29 MongoDB 8.0 versions prior to 8.0.13 MongoDB 8.0 versions prior to 8.0.18 MongoDB 8.2 versions prior to 8.2.2 MongoDB 8.2 versions prior to 8.2.4 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:   https://www.mongodb.com/resources/products/alerts#security

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, elevation of privilege, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.   Note: CVE… Impact Denial of Service Elevation of Privilege Security Restriction Bypass Information Disclosure Data Manipulation Remote Code Execution System / Technologies affected Versions prior to iOS 18.7.5 and iPadOS 18.7.5 Versions prior to iOS 26.3 and iPadOS 26.3 Versions prior to macOS Sonoma 14.8.4 Versions prior to macOS Sequoia 15.7.4 Versions prior to macOS Tahoe 26.3 Versions prior to tvOS 26.3 Versions prior to watchOS 26.3 Versions prior to visionOS 26.3 Versions prior to Safari 26.3 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor:   iOS 18.7.5 and iPadOS 18.7.5 iOS 26.3 and iPadOS 26.3 macOS Sonoma 14.8.4 macOS Sequoia 15.7.4 macOS Tahoe 26.3 tvOS 26.3 watchOS 26.3 visionOS 26.3 Safari 26.3

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and security restriction bypass on the targeted system. Impact Remote Code Execution Security Restriction Bypass Denial of Service System / Technologies affected Google Chrome prior to 145.0.7632.45 (Linux) Google Chrome prior to 145.0.7632.45/46 (Mac) Google Chrome prior to 145.0.7632.45/46 (Windows) Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes issued by the vendor: Update to version 145.0.7632.45 (Linux) or later Update to version 145.0.7632.45/46 (Mac) or later Update to version 145.0.7632.45/46 (Windows) or later