Multiple vulnerabilities in J-Web can be combined to allow pre-authentication remote code execution. This is an out-of-cycle security release.
WSO2 released security updates that address the ‘unrestricted file upload’ vulnerability affecting the following WSO2 products: API Manager, Identity Server, Identity Server Analytics, Identity Server as Key Manager and Enterprise Integrator.
Drupal released security updates for Drupal 9.2 and 9.3. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all web and system administrators to review and implement the updates.
Oracle released a cumulative Critical Patch Update that addresses multiple vulnerabilities. Malicious actors are actively exploiting these vulnerabilities.
The GitLab team released security updates that address a critical security vulnerability that could be exploited by a malicious actor to seize control of accounts.