OpenSSL has released updates to address 12 vulnerabilities, including a critical remote code execution flaw. Discovered by Aisle, the issues mainly involve memory safety and parsing errors that could lead to denial of service or exploitation. The most severe flaws affect versions 3.0 to 3.6, particularly in CMS and PKCS#12 handling.

SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor that allowed remote code execution through hardcoded credentials. Experts recommend discontinuing the use of SQL Anywhere Monitor and deleting existing database instances as a temporary fix. Other vulnerabilities in SAP Solution Manager and SAP NetWeaver AS Java were also patched.

Multiple critical flaws in the n8n open-source workflow platform allow authenticated users to execute arbitrary code on the server. Despite a fix being released, researchers found a bypass that could lead to complete control over n8n instances, exposing sensitive data and connected accounts. Users are urged to update to the latest version and review their workflows for security.

Trend Micro has released critical security updates to address multiple vulnerabilities in its Apex Central and Endpoint Encryption PolicyServer products, including remote code execution and authentication bypass flaws. Although there is no evidence of active exploitation, users are urged to apply the updates promptly to mitigate risks. The issues affect all versions leading up to the latest release, with no mitigations available.

Cisco has announced that three critical remote code execution vulnerabilities in its Identity Services Engine (ISE) are being actively exploited, requiring urgent updates from users. The flaws, which allow attackers to execute commands and upload malicious files without authentication, have been assigned a maximum severity rating and must be addressed through specific software patches. Users of ISE 3.3 and 3.4 are advised to upgrade immediately to mitigate risks.