Alerts and advisories

FreePBX security advisory (AV26–596)

2026-06-12T19:27:44Z

Serial number: AV26–596
Date: June 12, 2026

On June 12, 2026, FreePBX published security advisories to address vulnerabilities in the following products:

FreePBX Security-Reporting ucp (FreePBX 16) – versions prior to 0.39
FreePBX Security-Reporting ucp (FreePBX 17) – versions prior to 0.7
FreePBX Security-Reporting superfecta (FreePBX 16) – versions prior to 16.0.40
FreePBX Security-Reporting superfecta (FreePBX 17) – versions prior to 17.0.7

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

GeoServer security advisory (AV26-595)

2026-06-12T19:12:40Z

Serial number: AV26-595
Date: June 12, 2026

On June 11, 2026, GeoServer published a security advisory to address vulnerabilities in the following products:

GeoServer – versions prior to 3.0.0
GeoTools – versions prior to 35.0
GeoWebCache – versions prior to 2.0.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Oracle security advisory (AV26-587) – Update 1

2026-06-12T18:03:41Z

Serial number: AV26-587
Date: June 11, 2026
Updated: June 12, 2026

On June 10, 2026, Oracle published a security advisory to address a critical vulnerability in the following product:

PeopleSoft Enterprise PeopleTools – versions 8.61 and 8.62

Open-source reporting indicates that CVE-2026-35273 is being exploited in the wild.

Update 1

On June 12, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-35273 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

[Control Systems] Moxa security advisory (AV26-594)

2026-06-12T14:09:11Z

Serial number: AV26-594
Date: June 12, 2026

On June 12, 2026, Moxa published a security advisory to address vulnerabilities in the following products:

UC-1200A / UC-2200A /UC-3400A /UC-4400A /UC-8200 series– multiple versions and models
V1200 Series – version v1.2.0 and prior
V3200 / V3400 series – version v1.1 and prior
V2406C WL Models – version v1.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Google Chrome security advisory (AV26-593)

2026-06-12T13:55:51Z

Serial number: AV26-593
Date: June 12, 2026

On June 11, 2026, Google published a security advisory to address vulnerabilities in the following product:

Stable Channel Chrome for Desktop – versions prior to 149.0.7827.114/115 (Windows/Mac), and 149.0.7827.114 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

Google Chrome Security Advisory

Spring security advisory (AV26-592)

2026-06-12T13:46:17Z

Serial number: AV26-592
Date: June 12, 2026

Between June 10 and 11, 2026, Spring published security advisories to address vulnerabilities in the following products:

Spring Cloud Sleuth – versions 3.1.0 to 3.1.13
Spring Statemachine – multiple versions
Spring Cloud Gateway – multiple versions
Spring Integration – multiple versions
Spring for GraphQL – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Spring Security Advisories

Microsoft Edge security advisory (AV26-591)

2026-06-12T13:37:46Z

Serial number: AV26-591
Date: June 12, 2026

On June 9, 2026, Microsoft published a security update to address vulnerabilities in the following product:

Microsoft Edge Stable Channel – versions prior to 149.0.4022.62

Microsoft has indicated that CVE-2026-11645 has an available exploit.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

Microsoft Edge Stable Channel Release Notes

Ivanti security advisory (AV26-567) – Update 1

2026-06-11T19:07:06Z

Serial number: AV26-567
Date: June 9, 2026
Updated: June 11, 2026

On June 9, 2026, Ivanti published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

Ivanti Sentry – versions 10.5.1, 10.6.1, 10.7.0 and prior
Ivanti Endpoint Manager Mobile – versions 12.9.0, 12.8.0.2, 12.7.0.1 and prior

Update 1

On June 11, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-10520 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Check Point security advisory (AV26-590)

2026-06-11T18:32:02Z

Serial number: AV26-590
Date: June 11, 2026

On June 11, 2026, Check Point published a security advisory to address a vulnerability in the following product:

Identity Agent – versions prior to 81.087.0000

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

Ubiquiti security advisory (AV26-589)

2026-06-11T18:28:15Z

Serial number: AV26-589
Date: June 11, 2026

On June 10, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:

UID Enterprise Agent – version 1.61.3 and prior
UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber – version 5.1.12 and prior
UniFi OS Server – version 5.0.8 and prior
UDM-Beast – version 5.1.11 and prior
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 – version 5.1.10 and prior
Express – version 4.0.14 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

GitLab security advisory (AV26-588)

2026-06-11T14:11:00Z

Serial number: AV26-588
Date: June 11, 2026

On June 10, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

GitLab Community Edition (CE) – versions prior to 19.0.2, 18.11.5 and 18.10.8
GitLab Enterprise Edition (EE) – versions prior to 19.0.2, 18.11.5 and 18.10.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Splunk security advisory (AV26-586)

2026-06-10T19:12:32Z

Serial number: AV26-586
Date: June 10, 2026

On June 10, 2026, Splunk published security advisories to address vulnerabilities in the following products:

Splunk SOAR – versions prior to 8.5.0
Splunk Enterprise – multiple versions and platforms
Splunk Cloud Platform – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Splunk Security Advisories

Broadcom VMware security advisory (AV26-585)

2026-06-10T18:41:12Z

Serial number: AV26-585
Date: June 10, 2026

On June 9, 2026, Broadcom published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following:

VMware Tanzu for Valkey on Kubernetes – versions prior to 3.4.1

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

n8n security advisory (AV26-584)

2026-06-10T18:12:08Z

Serial number: AV26-584
Date: June 10, 2026

On June 10, 2026, n8n published security advisories to address vulnerabilities in multiple products:

n8n (Credential Exfiltration) – multiple versions
n8n (Cross-Tenant Credential) – multiple versions
n8n (n8n MCP Browser) – versions 2.26.2 to 2.25.7
n8n(SecurityScorecard Node) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.

Palo Alto Networks security advisory (AV26-583)

2026-06-10T18:06:32Z

Serial number: AV26-483
Date: June 10, 2026

On June 10, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:

Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0 – versions prior to 1.2.0
Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0 – versions prior to 1.2.0
Prisma Browser – versions prior to 148.18.4.217

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

HPE security advisory (AV26-582)

2026-06-10T18:01:52Z

Serial number: AV26-582
Date: June 10, 2026

On June 10, 2026, HPE published a security advisory to address vulnerabilities in the following products:

HPE Telco Suite – multiple versions and models

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Erlang security advisory (AV26-581)

2026-06-10T17:39:07Z

Serial number: AV26-581
Date: June 10, 2026

On June 10, 2026, Erlang published security advisories to address vulnerabilities in the following products:

OTP – versions prior to 27.3.4.13, 28.5.0.2 and 29.0.2
erts (OTP) – versions prior to 15.2.7.9, 16.4.0.2 and 17.0.2
inets (otp) – versions prior to 9.7.1, 9.6.2.2 and 9.3.2.6
ssl (OTP) – versions prior to 11.7.2, 11.6.0.2 and 11.2.12.9

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

[Control systems] ABB security advisory (AV26-580)

2026-06-10T17:29:34Z

Serial number: AV26-580
Date: June 10, 2026

On June 10, 2026, ABB published a security advisory to address a vulnerability in the following products:

PPC3100 – versions prior to 1.8.1
C50 – versions prior to 1.8.0
C80 – versions prior to 1.8.0
FT50 – versions prior to 1.8.1
MT50 – versions prior to 1.8.1
T30 – versions prior to 1.8.0
T80 – versions prior to 1.8.0
T50 – versions prior to 1.8.1

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

FreePBX security advisory (AV26–579)

2026-06-10T17:24:19Z

Serial number: AV26–579
Date: June 10, 2026

On June 10, 2026, FreePBX published a security advisory to address a vulnerability in the following product:

FreePBX Security-Reporting music (FreePBX 16) – versions 16.0.4 and prior
FreePBX Security-Reporting music (FreePBX 17) – versions 17.0.6 and prior

The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations.

Jenkins security advisory (AV26-578)

2026-06-10T17:20:18Z

Serial number: AV26-578
Date: June 10, 2026

On June 10, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:

Jenkins weekly – version 2.567 and prior
Jenkins LTS – version 2.555.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

AMD security advisory (AV26-577)

2026-06-10T14:54:16Z

Serial number: AV26-577
Date: June 10, 2026

On June 9, 2025, AMD published security advisories to address vulnerabilities in multiple products.

Versal Prime Series Gen 2
Versal AI Edge Series Gen 2
AMD Management Console (AMC) – versions prior to 14.0.0
AMD Ryzen Master – versions prior to 2.14.3
AMD µProf – versions prior to 5.3

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

FreeBSD security advisory (AV26-576)

2026-06-10T14:43:44Z

Serial number: AV26-576
Date: June 10, 2026

On June 9, 2026, FreeBSD published security advisories to address vulnerabilities in the following product:

FreeBSD – all supported versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

FreeBSD Security Advisories

Mozilla security advisory (AV26-575)

2026-06-10T14:34:58Z

Serial number: AV26-575
Date: June 10, 2026

On June 9, 2026, Mozilla published a security advisory to address vulnerabilities in the following products:

Focus for iOS – versions prior to 151.3.1
Klar for iOS – versions prior to 151.3.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Spring security advisory (AV26-574)

2026-06-10T14:29:05Z

Serial number: AV26-574
Date: June 10, 2026

Between June 9 and 10, 2026, Spring published security advisories to address vulnerabilities in the following products:

Spring AMQP – multiple versions
Spring Authorization Server – multiple versions
Spring Web Services – multiple versions
Spring Web Flow – multiple versions
Spring REST Docs – multiple versions
Spring Data Commons – multiple versions
Spring Data Relational – multiple versions
Spring Security – multiple versions
Spring Data MongoDB – multiple versions
Spring Data JDBC – multiple versions
Spring Data KeyValue – multiple versions
Spring Data R2DBC – multiple versions
Spring Data Redis – multiple versions
Spring Data REST – multiple versions
Spring for Apache Kafka – multiple versions
Spring for Apache Pulsar – multiple versions
Spring Data Commons (transitively affects all Spring Data store modules) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Spring Security Advisories

HPE security advisory (AV26-573)

2026-06-10T14:23:28Z

Serial number: AV26-573
Date: June 10, 2026

On June 9, 2026, HPE published a security advisory to address a vulnerability in the following product:

HPE ProLiant RL300 Gen11 – versions prior to 1.84_04-02-2026

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

OpenSSL security advisory (AV26-572)

2026-06-10T14:18:42Z

Serial number: AV26-572
Date: June 10, 2026

On June 9, 2026, OpenSSL published security advisories to address vulnerabilities in the following product:

OpenSSL – versions 4.0.0 to versions prior to 4.0.1
OpenSSL – versions 3.6.0 to versions prior to 3.6.3
OpenSSL – versions 3.5.0 to versions prior to 3.5.7
OpenSSL – versions 3.4.0 to versions prior to 3.4.6
OpenSSL – versions 3.0.0 to versions prior to 3.0.21
OpenSSL – versions 1.1.1 to versions prior to 1.1.1zh
OpenSSL – versions 1.0.2 to versions prior to 1.0.2zq

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

OpenSSL Vulnerabilities

Cisco security advisory (AV26-551) - Update 1

2026-06-09T19:28:10Z

Serial number: AV26-551
Date: June 5, 2026
Updated: June 9, 2026

On June 4, 2026, Cisco published a security advisory to address a vulnerability in the following product:

Cisco Catalyst SD-WAN Manager

Update 1

On June 9, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20245 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

HPE security advisory (AV26-571)

2026-06-09T19:03:41Z

Serial number: AV26-571
Date: June 9, 2026

On June 9, 2026, HPE published a security advisory to address vulnerabilities in the following products:

HPE Aruba Networking Management Software (Airwave) – version 8.3.0.6 and prior
HPE Aruba Networking Private 5G Management Dashboard – all versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Adobe security advisory (AV26-570)

2026-06-09T18:59:15Z

Serial number: AV26-570
Date: June 9, 2026

On June 9, 2026, Adobe published security advisories to address critical vulnerabilities in the following products:

Adobe Experience Manager (AEM) – version AEM Cloud Service (CS)
Adobe Experience Manager (AEM) – version 6.5 LTS SP1 and prior
Adobe Experience Manager (AEM) – version SP24 and prior
Adobe Experience Manager 6.5 LTS – version SP1 and prior
Adobe Experience Manager 6.5 – version 6.5.24.0 and prior
Adobe InDesign – version ID21.3 and prior
Adobe InDesign – version ID20.5.3 and prior
Adobe InCopy – version 21.3 and prior
Adobe InCopy – version 20.5.3 and prior
Adobe Substance 3D Sampler – version 6.0.0 and prior
Content Credentials JS SDK – version @contentauth/c2pa-web@0.8.3 and prior
Content Credentials Rust SDK – version c2pa-v0.85.1 and prior
Adobe Dreamweaver – version 21.7 and prior
Adobe Acrobat – version 26.001.21651 and prior
Adobe Reader – version 26.001.21651 and prior
Adobe 2024 – version 24.001.30365 and prior
Adobe ColdFusion 2025 – Update 8 and prior
Adobe ColdFusion 2023 – Update 19 and prior
Adobe Format Plugins – version 1.1.52 and prior
Adobe Campaign Classic – version ACC v7: 7.4.3 build 9394 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Adobe Security Advisories

Microsoft security advisory – June 2026 monthly rollup (AV26-569)

2026-06-09T18:53:14Z

Serial number: AV26-569
Date: June 9, 2026

On June 9, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

.NET 10.0
.NET 8.0
.NET 9.0
ASP.NET
Azure Connected Machine Agent
Azure HorizonDB
Azure Kubernetes Service
Azure Local
Azure Logic Apps
Azure Machine Learning
Azure Monitor Agent
Azure Monitor Agent Metrics Extension
Azure Orbital Spatio
Azure Privileged Identity Management (PIM)
Azure Resource Manager
Azure SDK
Azure Stack Edge
Azure Stack HCI
Azure Virtual Network Gateway
Copilot Chat
Linux kernel - Microsoft MANA Network Driver
M365 Copilot for Desktop
Microsoft .NET Framework
Microsoft 365
Microsoft 365 Copilot
Microsoft Authenticator
Microsoft Bing
Microsoft Confluence SAML SSO plugin
Microsoft Data Formulator
Microsoft Defender for Endpoint for Mac
Microsoft Dynamics 365
Microsoft Edge
Microsoft Entra ID
Microsoft Excel
Microsoft Excel 2016
Microsoft Exchange Online
Microsoft Exchange Server
Microsoft Global Secure Access (GSA)
Microsoft Graph
Microsoft JIRA SAML SSO plugin
Microsoft Live Share Canvas SDK
Microsoft Malware Protection Engine
Microsoft Office
Microsoft Office 2016
Microsoft Office 2019
Microsoft Office 365
Microsoft Office LTSC
Microsoft Outlook for iOS
Microsoft PC Manager
Microsoft Planetary Computer Pro (GeoCatalog)
Microsoft Power Pages
Microsoft PowerPoint for Android
Microsoft PowerToys
Microsoft SQL Server 2016
Microsoft SQL Server 2017
Microsoft SQL Server 2019
Microsoft SQL Server 2022
Microsoft SQL Server 2025
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft Teams
Microsoft Visual Studio
Microsoft Visual Studio 2026
Microsoft Word
Microsoft Word 2016
Nuance PowerScribe 360
Nuance PowerScribe One
Office Online Server
Power Automate for Desktop
PowerScribe One
Remote Desktop client
Visual Studio
Visual Studio Code
Windows 10
Windows 11
Windows Admin Center
Windows Admin Center in Azure Portal
Windows App Client
Windows Narrator Braille
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2025

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

June 2026 Security Updates

Google Chrome security advisory (AV26-561) – Update 1

2026-06-09T17:51:05Z

Serial number: AV26-561
Date: June 9, 2026

On June 8, 2026, Google published a security advisory to address vulnerabilities in the following product:

Stable Channel Chrome for Desktop – versions prior to 149.0.7827.102/.103 (Windows/Mac), and 149.0.7827.102 (Linux)

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

Update 1

On June 9, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-11645 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

Fortinet security advisory (AV26-568)

2026-06-09T15:35:07Z

Serial number: AV26-568
Date: June 9, 2026

On June 9, 2026, Fortinet published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

FortiSandbox 5.0 – versions 5.0.0 to 5.0.5
FortiSandbox 4.4 – versions 4.4.0 to 4.4.8
FortiSandbox Cloud 5.0 – versions 5.0.4 to 5.0.5
FortiSandbox PaaS 5.0 – versions 5.0.4 through 5.0.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

[Control systems] Siemens security advisory (AV26-566)

2026-06-09T14:18:59Z

Serial number: AV26-566
Date: June 9, 2026

On June 9, 2026, Siemens published a security advisory to address vulnerabilities in the following products. Included were updates for the following products:

SINEC INS – versions prior to V1.0 SP2 Update 6
Siemens Products – multiple versions and models
SIPROTEC 5 - CP100 / CP150 / CP200 / CP300 / Devices – all versions
SIPROTEC 5 Compact 7SX800 (CP050) – all versions
Totally Integrated Automation Portal (TIA Portal) – all versions

The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.

MISP security advisory (AV26-565)

2026-06-09T13:03:17Z

Serial number: AV26-565
Date: June 9, 2026

On June 4, 2026, MISP published a security advisory to address vulnerabilities in the following product:

MISP (Malware Information Sharing Platform) – versions prior to v2.5.39

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Veeam security advisory (AV26-564)

2026-06-09T12:59:00Z

Serial number: AV26-564
Date: June 9, 2026

On June 9, 2026, Veeam published a security advisor to address a critical vulnerability in the following product:

Veeam Backup and Replication – versions prior to 12.3.2.4854

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Apache security advisory (AV26-563)

2026-06-09T12:54:52Z

Serial number: AV26-563
Date: June 9, 2026

On June 8, 2026, Apache published a security advisory to address vulnerabilities in the following product:

Apache HTTP Server – versions prior to 2.4.68

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

SAP security advisory – June 2026 monthly rollup (AV26-562)

2026-06-09T12:49:53Z

Serial number: AV26-562
Date: June 9, 2026

On June 9, 2026, SAP published security advisories to address vulnerabilities in the following products:

SAP NetWeaver AS ABAP and ABAP Platform – versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918, SAP_BASIS 919
SAP NetWeaver AS ABAP and ABAP Platform – versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 722EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 91.9
SAP Commerce Cloud and SAP Data Hub – versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211, 2211-JDK21, DHUB_CLOUD 2211
SAP NetWeaver Application Server Java (Web Container) – version ENGINEAPI 7.50
SAP Commerce Cloud – versions HY_COM 2205, COM_CLOUD 2211, 2211-JDK21
SAP NetWeaver AS ABAP and ABAP Platform – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816
ODP Data Replication APIs – versions DW4CORE 200, 300, 400, PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750, 816
SAP S/4HANA – versions S4FND 102, 103, 104, 105, 106, 107, 108, 109
SAP NetWeaver AS Java (JDBC Test Servlet) – version BI_UDI 7.50
SAP Wily Introscope Enterprise Manager – version WILY_INTRO_ENTERPRISE 10.8
SAP MDG (Review Match Groups Application) – versions S4CORE 108, SAP_BASIS 916, SAP_BASIS 917, SAP_ABA 816
SAP Business Objects Business Intelligence Platform – versions ENTERPRISE 430, 2025, 2027
SAP Fiori (launchpad) – versions SAP_UI 754, 755, 756, 757, 758, 816
SAP Business Objects – versions ENTERPRISE 430, 2025, 2027
SAP NetWeaver AS Java – versions SERVERCORE 7.50, CORE-TOOLS 7.50, J2EE-APPS 7.50

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.

SAP Security Patch Day - June 2026

Check Point security advisory (AV26-559) - Update 1

2026-06-09T12:06:36Z

Serial number: AV26-559
Date: June 8, 2026
Updated: June 9, 2026

On June 8, 2026, Check Point published a security advisory to address a critical vulnerability in the following products:

Mobile Access / SSL VPN, Remote Access VPN, Spark Firewall – multiple versions
Security Gateways, Spark Firewall – multiple versions

Check Point has observed active exploitation of this vulnerability.

Update 1

On June 8, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-50751 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

Broadcom VMware security advisory (AV26-560)

2026-06-08T17:24:16Z

Serial number: AV26-560
Date: June 8, 2026

On June 8, 2026, Broadcom published a security advisory to address vulnerabilities in the following products:

VMware Cloud Foundation – versions prior to 9.1.0.0
VMware vSphere Foundation – versions prior to 9.1.0.0
VMware Cloud Foundation – versions prior to 9.0.2.0 EP2
VMware vSphere Foundation – versions prior to 9.0.2.0 EP2
VMware Aria Operations – versions prior to 8.18.7
VMware Aria Operations – versions prior to 8.18.6
VMware Cloud Foundation – versions prior to 5.x
VMware Telco Cloud Platform – versions prior to 5.x

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

Spring security advisory (AV26-558)

2026-06-08T14:18:37Z

Serial number: AV26-558
Date: June 9, 2026

On June 8, 2026, Spring published security advisories to address vulnerabilities in the following products:

Micrometer / Micrometer-core / jetty11 / jetty12 – multiple versions
Spring LDAP – multiple versions
Spring Framework – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Red Hat security advisory (AV26-557)

2026-06-08T14:12:47Z

Serial number: AV26-557
Date: June 8, 2026

Between June 1 and 7, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

Red Hat CodeReady Linux Builder – multiple versions and platforms
Red Hat Enterprise Linux – multiple versions and platforms
Red Hat Enterprise Linux Server – multiple versions and platforms
Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Red Hat Security Advisories

[Control systems] CISA ICS security advisories (AV26–556)

2026-06-08T14:06:51Z

Serial number: AV26–556
Date: June 8, 2026

Between June 1 and 7, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

B&R Industrial Automation GmbH PPT30 Operating System – versions prior to 1.8.0
Hitachi Energy ITT600 Explorer – version prior to 2.1 SP6
Hitachi Energy MACH HiDraw – version 9.22 and prior
Hitachi Energy RTU500 – multiple versions
NAVTOR NavBox – version 4.16.1.20

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

CISA ICS Advisories

Ubuntu security advisory (AV26-555)

2026-06-08T14:01:50Z

Serial number: AV26-555
Date: June 8, 2026

Between June 1 and 7, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

Ubuntu 14.04 LTS
Ubuntu 16.04 LTS
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Ubuntu 22.04 LTS
Ubuntu 24.04 LTS
Ubuntu 25.10
Ubuntu 26.04 LTS

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

Ubuntu Security Notices

Dell security advisory (AV26-554)

2026-06-08T13:58:08Z

Serial number: AV26-554
Date: June 8, 2026

Between June 1 and 7, 2026, Dell published security advisories to address vulnerabilities in multiple products:

Dell Private Cloud -VMware – versions prior to 01.04.00.00
PowerSwitch Z9864F-ON – versions prior to v3.5.0
Dell Automation Platform – versions prior to 2.1.0.0
Dell VxRail Appliance – versions prior to 8.0.390

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

IBM security advisory (AV26-553)

2026-06-08T13:50:54Z

Serial number: AV26-553
Date: June 8, 2026

Between June 1 and 7, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

Decision Optimization for Cloud Pak for Data – version 5.0 to 5.3.1 - Patch 2 releases
DevOps Test UI (Test UI) – versions Test UI 11.0 to 11.0.6
DevOps Test UI (Test UI) – versions Test UI 11.0 to 11.0.7
FileNet Content Manager – multiple versions
IBM App Connect Enterprise Certified Containers Operands - multiple versions
IBM App Connect Operator – multiple versions
IBM Automation Assets in IBM Cloud Pak for Integration (CP4I) – multiple versions
IBM Big SQL on Cloud Pak for Data – multiple versions
IBM Bob – versions 1.0.0, 1.0.1 and 1.0.2
IBM Business Automation Insights – multiple versions
IBM Business Automation Workflow traditional and IBM Business Automation Workflow Enterprise Service Bus – multiple versions
IBM Enterprise Content Management Text Search – multiple versions
IBM ICP – Discovery – version 5.0.0 to 5.3.1
IBM InfoSphere Optim Archive Viewer – versions 11.7.0.0 to 11.7.0.13
IBM Maximo Application Suite - Visual Inspection Component – multiple versions
IBM Maximo Application Suite – versions 9.0 and 9.1
IBM Netezza Appliance – versions 1.0.0.0 and 1.0.0.1
IBM Observability with Instana (OnPrem) – all versions
IBM Platform Navigator in IBM Cloud Pak for Integration (CP4I) – multiple versions;
IBM Security QRadar EDR – versions 3.12 to 3.12.24
IBM Security SOAR – multiple versions
IBM Sterling Connect:Direct Web Services – versions 6.3.0 to 6.3.0.18
IBM Sterling Connect:Direct Web Services – versions 6.4.0 to 6.4.0.7
IBM Sterling Connect:Direct for Microsoft Windows – versions 6.3.0.0 to 6.3.0.6_iFix050
IBM Sterling Connect:Direct for Microsoft Windows – versions 6.4.0.0 to 6.4.0.4_iFix021
IBM Storage Scale – versions 6.0.0.0 to 6.0.0.2
IBM Storage Scale – versions 5.2.0.0 to 5.2.3.7
IBM Verify Antenna – versions 25.05.0 to 26.03.0
IBM Verify Identity Access Container – multiple versions
IBM Verify Identity Access – multiple versions
IBM WebSphere Application Server – versions 9.0 and 8.5
IBM WebSphere Remote Server – versions 8.5, 9.0 and 9.1
Jazz for Service Management – version 1.1.3 to 1.1.3.27
Maximo AI Service – version 9.1.0
QRadar AI Assistant – versions 1.0.0 to 1.5.0
QRadar Log Source Management App – versions 1.0.0 to 7.0.14
Rational Functional Tester (RFT) – multiple versions

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

IBM Product Security Incident Response

SolarWinds security advisory (AV26-549) - Update 1

2026-06-05T18:02:32Z

Serial number: AV26-549
Date: June 4, 2026
Updated: June 5, 2026

Between June 2 and 3, 2026, SolarWinds published security advisories to address vulnerabilities in the following products:

SolarWinds Serv-U – versions prior to 15.5.4 HF1
SolarWinds Web Help Desk – versions prior to 2026.2

Update 1

On June 5, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-28318 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Progress security advisory (AV26-552)

2026-06-05T17:19:13Z

Serial number: AV26-552
Date: June 5, 2026

Between June 2 and 4, 2026, Progress published security advisories to address vulnerabilities in the following products. Included was a critical update for the following:

Sitefinity CMS and Sitefinity Insight – multiple versions
Progress Kemp LoadMaster – version GA v7.2.63.1 and prior
Progress Kemp LoadMaster - version LTSF v7.2.54.17 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Docker security advisory (AV26-550)

2026-06-04T19:31:30Z

Serial number: AV26–550
Date: June 4, 2026

On June 1, 2026, Docker published a security advisory to address a vulnerability in the following product:

Docker Desktop – versions prior to 4.76.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Broadcom VMware security advisory (AV26-548)

2026-06-03T19:49:24Z

Serial number: AV26-548
Date: June 3, 2026

On June 2, 2026, Broadcom published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

VMware Tanzu GemFire Management Console - versions prior to 1.4.5
VMware Tanzu Data Lake - versions prior to 4.1.0
VMware Tanzu for Postgres - versions prior to 18.4.0
VMware Tanzu for Postgres - versions prior to 17.10.0
VMware Tanzu for Postgres - versions prior to 16.14.0
VMware Tanzu for Postgres - versions prior to 15.18.0
VMware Tanzu for Postgres - versions prior to 14.23.0

The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.

Cisco security advisory (AV26-547)

2026-06-03T19:22:10Z

Serial number: AV26-547
Date: June 3, 2026

On June 3, 2026, Cisco published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following:

Cisco Unified Communications Manager (CM) Release 14 – versions prior to 14SU6
Cisco Unified Communications Manager (CM) Release 15 – versions prior to 15SU5 (Sep 2026) or COP
Cisco Unified Communications Manager Session Management Edition (CM SME) release 14 – versions prior to 14SU6
Cisco Unified Communications Manager Session Management Edition (CM SME) release 15 – versions prior to 15SU5 (Sep 2026) or COP

Cisco has indicated that a proof-of-concept exploit code is available for CVE-2026-20230.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.