{"total":84,"page":1,"count":50,"advisories":[{"id":"e494bca3-64b4-489e-844a-f87880f7ffa8","num":227270,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/bitwarden-security-advisory-av26-683","title":"BitWarden security advisory (AV26-683)","summary":"Serial number: AV26-683 Date: July 10, 2026 On July 8, 2026, BitWarden published security advisories to address a vulnerability in the following product: Bitwarden Server – versions prior to 2026.6.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. BitWarden Server BitWarden Home","link":"https://cyber.gc.ca/en/alerts-advisories/bitwarden-security-advisory-av26-683","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-10T19:57:14+00:00"},{"id":"59254c00-9f5e-449c-8b42-ad31b07d14fe","num":222679,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113","title":"AL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 1","summary":"Number: AL25-007 Date: June 11, 2025 Updated: July 10, 2026 Audience This Alert is intended for IT professionals and managers of notified organizations. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details On June 1, 2025, Roundcube released a security bulletin for a critical vulnerability affecting Webmail. The issue is described as a Post-Auth RCE via PHP Object Deserialization vulnerability (CVE-2025-49113) Footnote 1 . The versions of Roundcube products affected are Footnote 2 : Webmail – versions prior to 1.5.10 Webmail – versions prior to 1.6.11 In response to this vulnerability, the Cyber Centre released AV25-309 on June 2, 2025 Footnote 3 . While the Cyber Centre has not received any reports of exploitation, the existence of a proof of concept (POC) significantly raises the likeness of abuse by malicious actors. The existence of a published POC makes it imperative to take action to assess and mitigate this vulnerability. The Cyber Centre is aware that exploitation of CVE-2024-42009 has been used to obtain valid credentials, which could lead to exploitation of CVE-2025-49113. CISA added CVE-2024-42009 to their Known Exploited Vulnerabilities (KEV) catalog Footnote 4 Footnote 5 on June 9, 2025. Update 1 The Cyber Centre is aware of open-source reporting indicating ongoing exploitation Footnote 7 of CVE-2024-42009 Footnote 8 and CVE-2025-49113 Footnote 1 related to Roundcube Webmail. The Cyber Centre strongly recommends that organizations upgrade to the latest Roundcube Webmail versions as per AV26-657 Footnote 9 : Webmail – version 1.6.17 Webmail – version 1.7.2 On June 9, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE","link":"https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113","severity":"critical","cvss":null,"cves":["CVE-2025-49113","CVE-2024-42009","CVE-2025-42009"],"exploited":true,"has_exploit":true,"published_at":"2026-07-10T19:12:59+00:00"},{"id":"17c0b050-91ac-4d53-8179-1e41c81c908c","num":222680,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-682","title":"Microsoft Edge security advisory (AV26-682)","summary":"Serial number: AV26-682 Date: July 10, 2026 On July 9, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 150.0.4078.65 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Microsoft Edge Stable Channel Release Notes","link":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-682","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-10T18:06:59+00:00"},{"id":"f2448682-f971-41f4-b350-7544e2138a9a","num":222681,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/broadcom-vmware-security-advisory-av26-681","title":"Broadcom VMware security advisory (AV26-681)","summary":"Serial number: AV26-681 Date: July 10, 2026 Between July 8 and 10, 2026, Broadcom published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Open Source RabbitMQ - multiple versions VMware Tanzu Greenplum Command Center - multiple versions VMware Tanzu Greenplum Data Copy Utility - versions prior to 2.9.5 VMware Tanzu Greenplum on Kubernetes - versions prior to 1.1.2 VMware Tanzu Greenplum MCP Server - version prior to 1.0.2 VMware Tanzu Greenplum Streaming Server - multiple versions VMware Tanzu Greenplum Text - versions prior to 4.0.2 VMware Tanzu RabbitMQ - multiple versions VMware Tanzu RabbitMQ on Kubernetes - multiple versions VMware Tanzu RabbitMQ on Tanzu Platform - multiple versions The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates. Security Advisories - VMware Cloud Foundation","link":"https://cyber.gc.ca/en/alerts-advisories/broadcom-vmware-security-advisory-av26-681","severity":"critical","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-10T17:59:53+00:00"},{"id":"7467a641-a68d-4316-a3a5-c0d46caa62ea","num":195880,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/django-security-advisory-av26-084","title":"Django security advisory (AV26-084) – Update 1","summary":"Serial number: AV26-084 Date: February 4, 2026 Updated: July 9, 2026 On February 3, 2026, Django published a security advisory to address vulnerabilities in the following products: Django 4.2 – versions prior to 4.2.28 Django 5.2 – versions prior to 5.2.11 Django 6.0 – versions prior to 6.0.2 Update 1 Open-source reporting indicates that CVE-2026-1207 is being exploited. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available. Django Security Advisory","link":"https://cyber.gc.ca/en/alerts-advisories/django-security-advisory-av26-084","severity":"unknown","cvss":null,"cves":["CVE-2026-1207"],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T19:45:45+00:00"},{"id":"1b485eb9-87fa-4362-874f-aa964b3f9155","num":195881,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/freepbx-security-advisory-av26-680","title":"FreePBX security advisory (AV26-680)","summary":"Serial number: AV26-680 Date: July 9, 2026 On July 9, 2026, FreePBX published security advisories to address vulnerabilities in the following products: FreePBX API (FreePBX 17) – versions prior to 17.0.9 FreePBX Backup (FreePBX 17) – versions prior to 17.0.11 The Cyber Centre encourages users and administrators to review the web links provided, apply the necessary updates and perform the suggested mitigations. Authenticated API generatedocs Host Command Injection Authenticated Arbitrary SSH Key Injection via Backup Module FreePBX Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/freepbx-security-advisory-av26-680","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T18:02:14+00:00"},{"id":"5283bf99-acd5-4f8d-9eed-ea2b33473c52","num":195882,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-679","title":"Google Chrome security advisory (AV26-679)","summary":"Serial number: AV26-679 Date: July 9, 2026 On July 8, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 150.0.7871.114/115 (Windows/Mac), and 150.0.7871.114 (Linux) The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available. Google Chrome Security Advisory","link":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-679","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-09T17:34:07+00:00"},{"id":"011f6c3d-c4e4-4491-b6de-292f6f38915e","num":169589,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678","title":"Progress security advisory (AV26-678)","summary":"Serial number: AV26-678 Date: July 8, 2026 On July 8, 2026, Progress published security advisories to address vulnerabilities in the following product: MOVEit Transfer – version 2024.1.8 and prior MOVEit Transfer – version 2025.0.0 to 2025.0.7 MOVEit Transfer – version 2025.1.0 to 2025.1.3 MOVEit Transfer – version 2026.0.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. MOVEit Transfer Critical Security Bulletin – June 2026 – (CVE-2026-10699, CVE-2026-10698, CVE-2026-11903) Progress Trust Center","link":"https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678","severity":"critical","cvss":null,"cves":["CVE-2026-10699","CVE-2026-10698","CVE-2026-11903"],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T20:01:04+00:00"},{"id":"8fd2e633-70fd-42d2-8622-26c551b5d7d2","num":165344,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/gitlab-security-advisory-av26-677","title":"GitLab security advisory (AV26-677)","summary":"Serial number: AV26-677 Date: July 8, 2026 On July 8, 2026, GitLab published a security advisory to address vulnerabilities in the following products: GitLab Community Edition (CE) – versions prior to 19.1.2, 19.0.4 and 18.11.7 GitLab Enterprise Edition (EE) – versions prior to 19.1.2, 19.0.4 and 18.11.7 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7 GitLab Releases","link":"https://cyber.gc.ca/en/alerts-advisories/gitlab-security-advisory-av26-677","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T19:04:15+00:00"},{"id":"af0d90d3-a907-4890-82ea-6e8d929dfdc7","num":165345,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-676","title":"Drupal security advisory (AV26-676)","summary":"Serial number: AV26-676 Date: July 8, 2026 On July 8, 2026, Drupal published security updates for multiple products. Included was a critical update for the following: Location Selector – versions prior to 1.3.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations. Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072 Drupal Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av26-676","severity":"critical","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T19:00:23+00:00"},{"id":"45897127-cb20-4a7a-9ac0-a1e71961e681","num":165346,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/juniper-networks-security-advisory-av26-675","title":"Juniper Networks security advisory (AV26-675)","summary":"Serial number: AV26-675 Date: July 8, 2026 On July 8, 2026, Juniper Networks published security advisories to address vulnerabilities in the following products: Juniper cRPD – all versions Juniper CTPView – all versions Juniper Network Director – versions prior to 7.1R3 Junos OS – multiple versions Junos OS Evolved – all versions Junos OS on MX Series with SPC3 and SRX Series – multiple versions Junos Space – all versions The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. 2026-07 Security Bulletin: CTPView: Multiple vulnerabilities resolved in 9.3R2-3 Release 2026-07 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 26.1R1 Patch V1 Release 2026-07 Security Bulletin: Junos OS Evolved: URL handling vulnerability in libfetch results in heap buffer overflow (CVE-2020-7450) 2026-07 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash (CVE-2026-33799) Juniper Support Portal","link":"https://cyber.gc.ca/en/alerts-advisories/juniper-networks-security-advisory-av26-675","severity":"unknown","cvss":null,"cves":["CVE-2020-7450","CVE-2026-33799"],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T17:57:34+00:00"},{"id":"55c45855-0d6e-4ac1-b5d3-c86f176e6911","num":165347,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/palo-alto-networks-security-advisory-av26-674","title":"Palo Alto Networks security advisory (AV26-674)","summary":"Serial number: AV26-674 Date: July 8, 2026 On July 8, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products: PAN-OS 12.1 – versions prior to 12.1.4-h8 PAN-OS 12.1 – versions prior to 12.1.7-h2 PAN-OS 12.1 – versions prior to 12.1.8 PAN-OS 11.2 – versions prior to 11.2.4-h20 PAN-OS 11.2 – versions prior to 11.2.7-h18 PAN-OS 11.2 – versions prior to 11.2.10-h12 PAN-OS 11.2 – versions prior to 11.2.13 PAN-OS 11.1 – versions prior to 11.1.4-h35 PAN-OS 11.1 – versions prior to 11.1.6-h35 PAN-OS 11.1 – versions prior to 11.1.7.h8 PAN-OS 11.1 – versions prior to 11.1.10-h30 PAN-OS 11.1 – versions prior to 11.1.13-h9 PAN-OS 11.1 – versions prior to 11.1.16 PAN-OS 10.2 – versions prior to 10.2.7-h36 PAN-OS 10.2 – versions prior to 10.2.10-h39 PAN-OS 10.2 – versions prior to 10.2.13-h23 PAN-OS 10.2 – versions prior to 10.2.16-h9 PAN-OS 10.2 – versions prior to 10.2.18-h8 Prisma Access 11.20.0 – versions prior to 11.2.7-h18 Prisma Access 10.2.0 – versions prior to 10.2.10-h39 Prisma Browser – versions prior to 149.10.3.53 The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations, and apply the necessary updates. PAN-SA-2026-0010 Chromium: Monthly Vulnerability Update (July 2026) CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent Palo Alto Network Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/palo-alto-networks-security-advisory-av26-674","severity":"unknown","cvss":null,"cves":["CVE-2026-0288"],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T17:34:16+00:00"},{"id":"2163633b-22df-4129-a905-7dd55181e321","num":161051,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/tanium-security-advisory-av26-673","title":"Tanium security advisory (AV26-673)","summary":"Serial number: AV26-673 Date: July 8, 2026 On July 7, 2026, Tanium published a security advisory to address a vulnerability in the following products: Tanium Server 2025H1 Release – versions prior to Update MR21 (v7.7.3.8298) Tanium Server 2025H2 Release – versions prior to Update MR11 (v7.8.2.1198) Tanium Server 2026H1 Release – versions prior to Update MR3 (v7.8.4.1327) The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Tanium Security Advisories - TAN-2026-016 Tanium Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/tanium-security-advisory-av26-673","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T15:50:04+00:00"},{"id":"c7a2cef4-2590-4503-8390-a7b0fcb7939f","num":161052,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-672","title":"n8n security advisory (AV26-672)","summary":"Serial number: AV26-672 Date: July 8, 2026 On July 8, 2026, n8n published security advisories to address vulnerabilities in the following product: n8n – versions prior to 1.123.64 n8n – versions prior to 2.30.1 n8n – versions prior to 2.29.8 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. n8n Security","link":"https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-672","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T15:22:10+00:00"},{"id":"ed0d359c-fcd1-412b-8a72-502e11f0d7b7","num":161053,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/cyber-n8n-security-advisory-av26-672","title":"Ubiquiti security advisory (AV26-671)","summary":"Serial number: AV26-671 Date: July 8, 2026 On July 2, 2026, Ubiquiti published a security advisory to address critical vulnerabilities in the following products: EF-Core – version 5.1.18 and prior EFG – version 5.1.15 and prior ENVR – version 5.1.15 and prior ENVR-Core – version 5.1.15 and prior Express 7 – version 5.1.15 and prior UCG-Fiber – version 5.1.15 and prior UCG-Industrial – version 5.1.15 and prior UCG-Max – version 5.1.15 and prior UCG-Ultra – version 5.1.15 and prior UCK – version 5.1.15 and prior UCK-Enterprise – version 5.1.15 and prior UCKP – version 5.1.15 and prior UDM – version 5.1.15 and prior UDM-Beast – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro-Max – version 5.1.15 and prior UDM-SE – version 5.1.15 and prior UDR – version 5.1.15 and prior UDR-5G – version 5.1.15 and prior UDR7 – version 5.1.15 and prior UDW – version 5.1.15 and prior UNAS-2 – version 5.1.16 and prior UNAS-4 – version 5.1.16 and prior UNAS-Pro – version 5.1.16 and prior UNAS-Pro-4 – version 5.1.16 and prior UNAS-Pro-8 – version 5.1.16 and prior UniFi Access Application – version 4.2.28 and prior UniFi Network Application – version 10.3.58 and prior UniFi OS Server – version 5.1.15 and prior UniFi Protect Application – version 7.1.77 and prior UniFi Protect Floodlight – version 1.13.4 and prior UniFi Talk Application – version 5.1.2 and prior UNVR – version 5.1.15 and prior UNVR-G2 – version 5.1.15 and prior UNVR-G2-Pro – version 5.1.15 and prior UNVR-Instant – version 5.1.15 and prior UNVR-Pro – version 5.1.15 and prior The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Ubiquiti UniFi - Security Advisory Bulletin 066","link":"https://cyber.gc.ca/en/alerts-advisories/cyber-n8n-security-advisory-av26-672","severity":"critical","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-08T15:16:36+00:00"},{"id":"be0c4692-6633-4ed4-869e-08afcd6ed2f6","num":156746,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/langflow-security-advisory-av26-670","title":"Langflow security advisory (AV26-670)","summary":"Serial number: AV26-670 Date: July 8, 2026 On July 7, 2026, Langflow updated a security advisory to address vulnerabilities in the following product: Langflow – versions prior to 1.9.1 On July 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-55255 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available. CVE-2026-55255: Langflow: IDOR Vulnerability in /api/v1/responses Endpoint Allows Authenticated Attackers to Access Another User's Flow CISA KEV: CVE-2026-55255","link":"https://cyber.gc.ca/en/alerts-advisories/langflow-security-advisory-av26-670","severity":"unknown","cvss":null,"cves":["CVE-2026-55255"],"exploited":true,"has_exploit":true,"published_at":"2026-07-08T13:05:23+00:00"},{"id":"d0eb1d34-14aa-49dd-a5cb-484203eb370f","num":19583,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/adobe-security-advisory-av26-647","title":"Adobe security advisory (AV26-647) – Update 2","summary":"Serial number: AV26–647 Date: July 2, 2026 Updated: July 7, 2026 On June 30, 2026, Adobe published security advisories to address critical vulnerabilities in the following products: Adobe ColdFusion 2025 – Update 9 and prior Adobe ColdFusion 2023 – Update 20 and prior Adobe Campaign Classic – version ACC v7: 7.4.3 build 9396 and prior Update 1 Open-source reporting indicates that CVE-2026-48282 is being exploited. Update 2 On July 7, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48282 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security update available for Adobe ColdFusion | APSB26-68 Security updates available for Adobe Campaign Classic | APSB26-69 Adobe Security Advisories CISA KEV: CVE-2026-48282","link":"https://cyber.gc.ca/en/alerts-advisories/adobe-security-advisory-av26-647","severity":"critical","cvss":null,"cves":["CVE-2026-48282"],"exploited":true,"has_exploit":true,"published_at":"2026-07-07T19:49:45+00:00"},{"id":"c6bad415-ba10-476b-b195-196facb8f3e1","num":134402,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-669","title":"Google Chrome security advisory (AV26-669)","summary":"Serial number: AV26-669 Date: July 7, 2026 On July 7, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to0.7871.100/101 (Windows/Mac), and 150.0.7871.100 (Linux) The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available. Google Chrome Security Advisory","link":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-669","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T19:47:13+00:00"},{"id":"60d5dc3e-c5c4-477a-a95f-cfb23bc9b045","num":134403,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-668","title":"HPE security advisory (AV26-668)","summary":"Serial number: AV26-668 Date: July 7, 2026 On July 7, 2026, HPE published security advisories to address vulnerabilities in multiple products. Included were updates for the following: HPE Aruba Networking Private 5G Core – 1.26.1.0 and prior The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. HPESBNW05077 rev.1 - HPE Networking Private 5G Core, Multiple vulnerabilities HPE Security Bulletin Library","link":"https://cyber.gc.ca/en/alerts-advisories/hpe-security-advisory-av26-668","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T19:35:43+00:00"},{"id":"f47f8f0f-af1a-4ec7-bb3b-891604360535","num":129673,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/zimbra-security-advisory-av26-667","title":"Zimbra security advisory (AV26-667)","summary":"Serial number: AV26-667 Date: July 7, 2026 On July 7, 2026, Zimbra published a security advisory to address vulnerabilities in the following product: Zimbra Collaboration Suite (ZCS) Classic Web Client – versions prior to v10.1.19 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Patch Release Update: Zimbra 10.1.19 Zimbra Patch Release Updates","link":"https://cyber.gc.ca/en/alerts-advisories/zimbra-security-advisory-av26-667","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:44:00+00:00"},{"id":"0b3c19ab-5fe9-4418-bdd1-089916da0b29","num":129674,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/django-security-advisory-av26-666","title":"Django security advisory (AV26-666)","summary":"Serial number: AV26-666 Date: July 7, 2026 On July 7, 2026, Django published a security advisory to address vulnerabilities in the following products: Django 5.2 – versions prior to 5.2.16 Django 6.0 – versions prior to 6.0.7 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Django Security Advisory","link":"https://cyber.gc.ca/en/alerts-advisories/django-security-advisory-av26-666","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:40:38+00:00"},{"id":"b4defc92-b655-41cc-a40f-22cc749040a8","num":129675,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/samsung-mobile-security-advisory-av26-665","title":"Samsung mobile security advisory (AV26-665)","summary":"Serial number: AV26-665 Date: July 7, 2026 On July 7, 2026, Samsung published a security update to address vulnerabilities in the following product: Samsung mobile devices – versions prior to SMR-JUL-2026 Release 1 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Samsung Security Updates","link":"https://cyber.gc.ca/en/alerts-advisories/samsung-mobile-security-advisory-av26-665","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:37:11+00:00"},{"id":"3439de47-b003-47e2-9965-120f622bd246","num":129676,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-664","title":"[Control systems] ABB security advisory (AV26-664)","summary":"Serial number: AV26-664 Date: July 7, 2026 On July 6, 2026, ABB published a security advisory to address vulnerabilities in the following product: ABB Ability zenon – all versions APROL – versions prior to R 4.4-01P5 The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations. ABB Ability zenon Remote Transport Vulnerability (PDF) Security Issues addressed in APROL R 4.4-01P5 (PDF) ABB Cyber security alerts and notifications","link":"https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-664","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:32:18+00:00"},{"id":"05154252-44de-490f-9ef4-81ae9dfb7aa4","num":129677,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/broadcom-vmware-security-advisory-av26-663","title":"Broadcom VMware security advisory (AV26-663)","summary":"Serial number: AV26-633 Date: July 7, 2026 On July 6, 2026, Broadcom published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: VMware Tanzu for MySQL on Kubernetes – versions prior to 2.0.4 The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates. Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.4 Security Advisories - VMware Cloud Foundation","link":"https://cyber.gc.ca/en/alerts-advisories/broadcom-vmware-security-advisory-av26-663","severity":"critical","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:31:37+00:00"},{"id":"785583c4-5723-4b88-831a-5f4afe2c1714","num":129678,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/android-security-advisory-july-2026-monthly-rollup-av26-662","title":"Android security advisory – July 2026 monthly rollup (AV26-662)","summary":"Serial number: AV26-662 Date: July 7, 2026 On July 6, 2026, Android published a security bulletin to address vulnerabilities affecting Android devices. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Android Security Bulletin — July 2026","link":"https://cyber.gc.ca/en/alerts-advisories/android-security-advisory-july-2026-monthly-rollup-av26-662","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-07T15:30:22+00:00"},{"id":"1f205728-b395-4045-a637-38490761d090","num":105819,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/qualcomm-security-advisory-july-2026-monthly-rollup-av26-661","title":"Qualcomm security advisory – July 2026 monthly rollup (AV26-661)","summary":"Serial number: AV26-661 Date: July 6, 2026 On July 6, 2026, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. July 2026 Security Bulletin","link":"https://cyber.gc.ca/en/alerts-advisories/qualcomm-security-advisory-july-2026-monthly-rollup-av26-661","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T18:46:42+00:00"},{"id":"4cbbaa5a-e5e7-49c1-8b93-3e3eb41ed8ef","num":96276,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/beyondtrust-security-advisory-av26-660","title":"BeyondTrust security advisory (AV26-660)","summary":"Serial number: AV26-660 Date: July 6, 2026 On June 21, 2026, BeyondTrust published a security advisory to address vulnerabilities in the following products: Remote Support – version 25.3.2 and prior Privileged Remote Access – version 25.3.2 and prior The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. BeyondTrust Security Advisory - Advisory ID: BT26-03 BeyondTrust Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/beyondtrust-security-advisory-av26-660","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T17:50:31+00:00"},{"id":"b9c3443b-6d8b-4bfa-96bd-439791d5671c","num":86703,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-659","title":"Microsoft Edge security advisory (AV26-659)","summary":"Serial number: AV26-659 Date: July 6, 2026 On July 2, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 150.0.4078.48 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Microsoft Edge Stable Channel Release Notes","link":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-659","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T15:14:40+00:00"},{"id":"553c80fa-1a89-4a28-bb57-4b306fb2670c","num":86704,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/openssh-security-advisory-av26-658","title":"OpenSSH security advisory (AV26-658)","summary":"Serial number: AV26-658 Date: July 6, 2026 On July 6, 2026, OpenSSH published a security advisory to address vulnerabilities in the following product: OpenSSH – versions prior to 10.4 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. OpenSSH 10.4 Release Notes OpenSSH","link":"https://cyber.gc.ca/en/alerts-advisories/openssh-security-advisory-av26-658","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:51:57+00:00"},{"id":"7b1276e1-5fd9-4df1-979b-02e2bc1157bf","num":86705,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/roundcube-security-advisory-av26-657","title":"Roundcube security advisory (AV26-657)","summary":"Serial number: AV26-657 Date: July 6, 2026 On July 5, 2026, Roundcube published security advisories to address vulnerabilities in the following product: Roundcube Webmail – versions prior to 1.6.17 Roundcube Webmail – versions prior to 1.7.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security updates 1.6.17 and 1.7.2 released Roundcube Webmail 1.6.17 Roundcube Webmail 1.7.2 Roundcube Open Source Webmail Software","link":"https://cyber.gc.ca/en/alerts-advisories/roundcube-security-advisory-av26-657","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:45:28+00:00"},{"id":"6f9d3891-e71e-42a6-bbd8-63c9a0254ebe","num":86706,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/ibm-security-advisory-av26-656","title":"IBM security advisory (AV26-656)","summary":"Serial number: AV26-656 Date: July 6, 2026 Between June 29 and July 5, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Automation Assets in IBM Cloud Pak for Integration (CP4I) – multiple versions HMC V10.3.1050.0 – versions V10.3.1050.0 to V10.3.1064.0 HMC V11.1.1110.0 – versions V11.1.1110.0 to V11.1.1111.5 IBM Bob – versions 1.0.0, 1.0.1 and 1.0.2 IBM App Connect Operator – multiple versions IBM App Connect Enterprise Certified Containers Operands – multiple versions IBM Business Automation Insights – multiple versions IBM Business Automation Manager Open Editions – versions 9.0.0 to 9.4.2 IBM Business Automation Workflow traditional – multiple versions IBM Business Automation Workflow Enterprise Service Bus – multiple versions IBM Cloud Pak for Business Automation – multiple versions IBM DataPower Gateway – multiple models and versions IBM DataStax Enterprise – versions 6.9.0 to 6.9.22 IBM Db2 Genius Hub – versions 1.1, 1.1.1 and 1.1.2 IBM EntireX – version 11.1 IBM Event Endpoint Management – versions 11.0.0 to 11.7.4 IBM Integrated Analytics System – versions 1.0.0.0 to 1.0.30.0 IBM Library Support for Spring – version 2.7 IBM Quantum Safe Remediator – versions 1.1 to 1.1.2 IBM Rational ClearQuest – versions 9.1 to 9.1.0.11 and 10.0 to 10.0.10 IBM SPSS Modeler – version 19.0.0.0 IBM Tivoli Monitoring – versions 6.3.0.7 to 6.3.0.7 Service Pack 22 IBM Tivoli Netcool Configuration Impact – version 7.1.1 IBM Tivoli Netcool Configuration Manager – versions 6.4.2 GA to 6.4.2.24 IBM Tivoli System Automation Application Manager – version 4.1 IBM webMethods Integration (on prem) – versions 10.15 and 10.11 Langflow OSS – versions 1.0.0 to 1.10.0 Maximo AI Service – version 9.1.0 Platform Navigator in IBM Cloud Pak for Integration (CP4I) – multiple versions PowerVM Novalink – multiple versions WebSphere Application Server – versions 8.5 and 9.0 The Cyber Centre encourages users and","link":"https://cyber.gc.ca/en/alerts-advisories/ibm-security-advisory-av26-656","severity":"critical","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:38:12+00:00"},{"id":"c3849108-1651-4fec-acf4-66ebaa8801ff","num":86707,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-655","title":"[Control systems] CISA ICS security advisories (AV26–655)","summary":"Serial number: AV26–655 Date: July 6, 2026 Between June 29 and July 5, 2026, CISA published ICS advisories to address vulnerabilities in the following products: CubeSpace CW0057 Reaction Wheel – CW0057 Reaction Wheel Delta Electronics DVP12SE PLC – all versions Frangoteam FUXA SCADA/HMI – versions 1.3.1 and prior Gardyn IoT Hub – versions prior to 2.12.2026 Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M – versions 1.000A to versions 1.014Q and prior OFFIS DCMTK Toolkit – versions 3.7.0 and prior Schneider Electric EasyLogic T150 and Saitel DP RTU – multiple versions Schneider Electric EcoStruxure IT Data Center Expert – versions 9.1.1 and prior, 9,12 ST Engineering iDirect iQ-Series Terminals – multiple versions StoneFly Storage Concentrator – multiple versions XZ Utils vulnerability impacting B&R Products – multiple versions The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates if available. CISA ICS Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-655","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:26:59+00:00"},{"id":"c85cc8e3-93ed-4185-a4cc-143a2d641eac","num":86708,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/dell-security-advisory-av26-654","title":"Dell security advisory (AV26-654)","summary":"Serial number: AV26-654 Date: July 6, 2026 Between June 29 and July 5, 2026, Dell published security advisories to address vulnerabilities in multiple products: Dell Cyber Recovery – versions prior to 20.1.0.0 Dell Data Protection Advisor – versions 19.9 to 19.12 SP2 Dell Networker – versions prior to 8.0.29 Dell Networker – versions prior to 17.0.5 Dell OpenManage Enterprise Modular – versions prior to 20.20.20 Dell PowerProtect Cyber Recovery – versions prior to cyber-recovery-osupdate-15.4.0-18.bin Dell PowerProtect Data Manager Appliance DM5500 – versions prior to 5.20.1.0 SupportAssist for Business PCs – versions prior to 5.1.1.3567 SupportAssist for Home PCs – versions prior to 5.0.2.2900 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Dell Security advisories and notices","link":"https://cyber.gc.ca/en/alerts-advisories/dell-security-advisory-av26-654","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:16:37+00:00"},{"id":"09ab8914-9aff-4516-9b2f-14fa8b94d5c1","num":86709,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/ubuntu-security-advisory-av26-653","title":"Ubuntu security advisory (AV26-653)","summary":"Serial number: AV26-653 Date: July 6, 2026 Between June 29 and July 5, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 14.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 25.10 Ubuntu 26.04 LTS The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates. Ubuntu Security Notices","link":"https://cyber.gc.ca/en/alerts-advisories/ubuntu-security-advisory-av26-653","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:10:41+00:00"},{"id":"a846e541-9433-4900-b789-b0cd2ebe75dc","num":86710,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/red-hat-security-advisory-av26-652","title":"Red Hat security advisory (AV26-652)","summary":"Serial number: AV26-652 Date: July 6, 2026 Between June 29 and July 5, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products: Red Hat CodeReady Linux Builder – multiple versions and platforms Red Hat Enterprise Linux – multiple versions and platforms Red Hat Enterprise Linux Server – multiple versions and platforms The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Red Hat Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/red-hat-security-advisory-av26-652","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-06T13:05:14+00:00"},{"id":"c0c8f1d8-830f-4917-8c96-94c20313a04e","num":19580,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/erlang-security-advisory-av26-651","title":"Erlang security advisory (AV26-651)","summary":"Serial number: AV26-651 Date: July 3, 2026 On July 2, 2026, Erlang published security advisories to address vulnerabilities in the following products: OTP – versions prior to 27.3.4.14, 28.5.0.3 and 29.0.3 SSL (OTP) – versions prior to 11.7.3, 11.6.0.3 and 11.2.12.10 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Denial-of-Service for TLS-1.3 server Using Session Tickets DTLS Denial of Service Erlang Security","link":"https://cyber.gc.ca/en/alerts-advisories/erlang-security-advisory-av26-651","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-03T18:41:41+00:00"},{"id":"7e350bae-9cc2-454f-9687-4677fb862a9e","num":19581,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/github-security-advisory-av26-650","title":"GitHub security advisory (AV26-650)","summary":"Serial number: AV26-650 Date: July 3, 2026 On June 30, 2026, GitHub published security advisories to address vulnerabilities in the following products: GitHub Enterprise Server – versions 3.21.x prior to 3.21.2 GitHub Enterprise Server – versions 3.20.x prior to 3.20.4 GitHub Enterprise Server – versions 3.19.x prior to 3.19.8 GitHub Enterprise Server – versions 3.18.x prior to 3.18.11 GitHub Enterprise Server – versions 3.17.x prior to 3.17.17 GitHub has stated that future patches and releases will be signed with a new public key, and customers will need to rotate to the new key before those patches and releases can be installed. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Enterprise Server 3.21.2 Enterprise Server 3.20.4 Enterprise Server 3.19.8 Enterprise Server 3.18.11 Enterprise Server 3.17.17","link":"https://cyber.gc.ca/en/alerts-advisories/github-security-advisory-av26-650","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-03T18:36:09+00:00"},{"id":"f39941f5-642c-499c-bb62-9311a6eb5104","num":19582,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/watchguard-security-advisory-av26-649","title":"WatchGuard security advisory (AV26-649)","summary":"Serial number: AV26-649 Date: July 3, 2026 On July 2, 2026, WatchGuard published security advisories to address vulnerabilities in the following products: Fireware OS 2025.1 – version 2026.2 and prior Fireware OS 11.x - version 11.12.4_Update1 and prior Fireware OS 12.0 – version 12.12 and prior Fireware OS 12.5 – version 12.5.18 and prior Mobile VPN with SSL client for Windows – version 2026.2 and prior The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authentication WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation WatchGuard Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/watchguard-security-advisory-av26-649","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-03T14:26:17+00:00"},{"id":"1ecefe42-4c20-4648-a6ae-4961ee30e04a","num":19584,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/al26-016-vulnerability-impacting-citrix-netscaler-cve-2026-8451","title":"AL26-016 - Vulnerability impacting Citrix NetScaler CVE-2026-8451","summary":"Number: AL26-016 Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards) Footnote 1 Footnote 2 . In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026 Footnote 3 . Tracked as CVE-2026-8451 Footnote 4 , this vulnerability is an insufficient input validation (CWE-125) Footnote 5 vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. If exploited, this vulnerability can lead to memory overread, if NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (idP). The vulnerability only impacts customer-managed NetScaler ADC and NetScaler Gateway. The cloud services managed by Citrix have been upgraded with the necessary software updates related to this vulnerability. Suggested actions The Cyber Centre recommends that organizations using Citrix NetScaler ADC, NetScaler Gateway, NetScaler ADC FIPS and NFcPP Footnote 1 appliances update or upgrade the affected systems to the following versions: Affected Product Affected Versions Fixed Versions NetScaler ADC and NetScaler Gateway 14.1 14.1 before 14.1-72.61 14.1-72.61 NetScaler ADC and NetScaler Gateway 13.1 13.1 before 13.1-63.18 13.1-63.18 NetScaler ADC FIPS versions prior to 14.1-72.61 FIPS 14.1-72.61 NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.272 13.1-37.272 The Cyber Centre reco","link":"https://cyber.gc.ca/en/alerts-advisories/al26-016-vulnerability-impacting-citrix-netscaler-cve-2026-8451","severity":"unknown","cvss":null,"cves":["CVE-2026-8451","CVE-2026-8452","CVE-2026-8655","CVE-2026-10816","CVE-2026-10817","CVE-2026-13474"],"exploited":false,"has_exploit":true,"published_at":"2026-07-02T19:04:51+00:00"},{"id":"9078c00a-4e22-4aa7-978d-0e14c3fb64c9","num":19585,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-552","title":"Progress security advisory (AV26-552) – Update 1","summary":"Serial number: AV26-552 Date: June 5, 2026 Updated: July 2, 2026 Between June 2 and 4, 2026, Progress published security advisories to address vulnerabilities in the following products. Included was a critical update for the following: Sitefinity CMS and Sitefinity Insight – multiple versions Progress Kemp LoadMaster – version GA v7.2.63.1 and prior Progress Kemp LoadMaster - version LTSF v7.2.54.17 and prior Update 1 Open-source reporting indicates that CVE-2026-8037 is being exploited in the wild. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Sitefinity Security Advisory for Addressing Security Vulnerabilities CVE-2026-7312, CVE-2026-7198, CVE-2026-7195, CVE-2026-7201, CVE-2026-7313, May 2026 LoadMaster Critical Security Bulletin – June 2026 – (CVE-2026-8037, CVE-2026-33691) Progress Trust Center","link":"https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-552","severity":"critical","cvss":null,"cves":["CVE-2026-8037","CVE-2026-7312","CVE-2026-7198","CVE-2026-7195","CVE-2026-7201","CVE-2026-7313","CVE-2026-33691"],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T17:55:20+00:00"},{"id":"13273594-bf17-49c8-856c-0a7c13978106","num":19586,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-648","title":"Google Chrome security advisory (AV26-648)","summary":"Serial number: AV26-648 Date: July 2, 2026 On June 30, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 150.0.7871.46/47 (Windows/Mac), and 150.0.7871.46 (Linux) The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available. Google Chrome Security Advisory","link":"https://cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-648","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T17:49:35+00:00"},{"id":"5bb5b06f-0a1d-4eac-89e9-dafc4b3fa88e","num":19587,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-646","title":"Cisco security advisory (AV26-646)","summary":"Serial number: AV26-646 Date: July 2, 2026 On July 1, 2026, Cisco published security advisories to address vulnerabilities in the following: Cisco Catalyst Center Release 2.3.7 – versions prior to 2.3.7.11-VA GSMU100 Cisco Catalyst Center Release 3.1 - versions prior to 3.1.6 GSMU200 Secure Endpoint Connector - multiple versions and platforms The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available. Cisco Catalyst Center Arbitrary File Read Vulnerability ClamAV Vulnerabilities Affecting Cisco Products: July 2026 Cisco Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-646","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T17:07:37+00:00"},{"id":"3345f319-15d7-4471-a4a6-aa86761aaea3","num":19588,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/al26-015-critical-vulnerability-impacting-microsoft-sharepoint-server-cve-2026-45659","title":"AL26-015 - Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-45659","summary":"Number: AL26-015 Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (\"Cyber Centre\") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of a vulnerability affecting Microsoft SharePoint Server. In response to the Microsoft security advisory, released on May 21, 2026 Footnote 1 , the Cyber Centre issued AV26-456 Footnote 2 Update 1 on May 21, 2026. Tracked as CVE-2026-45659 Footnote 3 , this vulnerability is a critical Deserialization of Untrusted Data (CWE-502) Footnote 4 vulnerability affecting multiple versions of Microsoft SharePoint Server and could allow a low privileged remote attacker to execute remote code. This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog Footnote 5 on July 1, 2026. Suggested actions The Cyber Centre recommends that organizations upgrade affected Microsoft SharePoint instances to a fixed version: Affected Product Affected Versions Fixed Versions Microsoft SharePoint Enterprise Server 2016 16.0.0 before 16.0.5552.1002 16.0.5552.1002 Microsoft SharePoint Server 2019 16.0.0 before 16.0.10417.20128 16.0.10417.20128 Microsoft SharePoint Server Subscription Edition 16.0.0 before 16.0.19725.20280 16.0.19725.20280 The Cyber Centre recommends organizations: Identify all on-premises SharePoint Server instances, particularly those exposed to the internet. Use or upgrade to supported versions of on-premises Microsoft SharePoint Server. Apply the latest security updates from Microsoft. Important note: Microsoft SharePoint Enterprise Server 2016","link":"https://cyber.gc.ca/en/alerts-advisories/al26-015-critical-vulnerability-impacting-microsoft-sharepoint-server-cve-2026-45659","severity":"critical","cvss":null,"cves":["CVE-2026-45659"],"exploited":true,"has_exploit":true,"published_at":"2026-07-02T14:37:55+00:00"},{"id":"71a5f297-3931-493a-9ef2-f7a0881c4e30","num":19589,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-645","title":"Citrix security advisory (AV26-645) – Update 1","summary":"Serial number: AV26-645 Date: June 30, 2026 Updated: July 2, 2026 On June 30, 2026, Citrix published a security advisory to address critical vulnerabilities in the following products: NetScaler ADC and NetScaler Gateway - versions 14.1 before 14.1-72.61 NetScaler ADC and NetScaler Gateway - versions 13.1 before 13.1-63.18 NetScaler ADC FIPS – versions before 14.1-72.61 FIPS NetScaler ADC FIPS and NDcPP – versions before 13.1-37.272 Update 1 Open-source reporting indicates that CVE-2026-8451 is being exploited. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474 Citrix Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-645","severity":"critical","cvss":null,"cves":["CVE-2026-8451","CVE-2026-8452","CVE-2026-8655","CVE-2026-10816","CVE-2026-10817","CVE-2026-13474"],"exploited":false,"has_exploit":true,"published_at":"2026-06-30T17:55:16+00:00"},{"id":"88b38def-8eaa-4089-82e9-3efe2f8136dd","num":19590,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/mozilla-security-advisory-av26-644","title":"Mozilla security advisory (AV26-644)","summary":"Serial number: AV26-644 Date: June 30, 2026 On June 30, 2026, Mozilla published a security advisory to address a vulnerability in the following product: Firefox – versions prior to 152.04 Thunderbird – versions prior to 140.12.1 Thunderbird – versions prior to 152.01 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Mozilla Foundation Security Advisory 2026-62 Mozilla Security Advisories","link":"https://cyber.gc.ca/en/alerts-advisories/mozilla-security-advisory-av26-644","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T17:38:29+00:00"},{"id":"4958e498-07f5-4a41-9156-e4056daf0764","num":19591,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/wolfssl-security-advisory-av26-643","title":"wolfSSL security advisory (AV26-643)","summary":"Serial number: AV26-643 Date: June 30, 2026 On June 23, 2026, wolfSSL published a security advisory to address vulnerabilities in the following product: wolfSSL – versions prior to 5.9.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. wolfSSL Release 5.9.2 (June 23, 2026) wolfSSL","link":"https://cyber.gc.ca/en/alerts-advisories/wolfssl-security-advisory-av26-643","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-30T14:24:25+00:00"},{"id":"edaad5b6-180a-438c-ba77-1b063da83aca","num":19592,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/simplehelp-security-advisory-av26-642","title":"SimpleHelp security advisory (AV26-642)","summary":"Serial number: AV26-642 Date: June 30, 2026 On May 26, 2026, SimpleHelp published a security update to address vulnerabilities in the following product: SimpleHelp – versions 5.5.0 to versions prior to 5.5.16 SimpleHelp – versions 6.0 to versions prior to 6.0 RC2 On June 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48558 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary update. SimpleHelp 5.5 and 6.0 Security Fix SimpleHelp Release News CISA KEV: CVE-2026-48558","link":"https://cyber.gc.ca/en/alerts-advisories/simplehelp-security-advisory-av26-642","severity":"unknown","cvss":null,"cves":["CVE-2026-48558"],"exploited":true,"has_exploit":true,"published_at":"2026-06-30T12:28:47+00:00"},{"id":"eeb756e8-a94e-477a-a10b-e86971f1ecbb","num":19593,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/apple-security-advisory-av26-641","title":"Apple security advisory (AV26-641)","summary":"Serial number: AV26-641 Date: June 29, 2026 On June 29, 2026, Apple published security advisories to address vulnerabilities in the following products: iOS and iPadOS – versions prior to 26.5.2 macOS Tahoe – versions prior to 26.5.2 Safari – versions prior to 26.5.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. About the security content of iOS 26.5.2 and iPadOS 26.5.2 About the security content of macOS Tahoe 26.5.2 Apple security releases","link":"https://cyber.gc.ca/en/alerts-advisories/apple-security-advisory-av26-641","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-29T19:08:08+00:00"},{"id":"9504be9a-89ae-46ec-ae7b-a879a8b19716","num":19594,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/oracle-security-advisory-av26-526","title":"Oracle security advisory (AV26-526) – Update 1","summary":"Serial number: AV26-526 Date: May 29, 2026 Updated: June 29, 2026 On May 28, 2026, Oracle published a security advisory to address critical vulnerabilities in the following products: Oracle Communications Unified Assurance - versions 6.1.1 to 7.0.0 Oracle Database Server - versions 23.4.0 to 23.26.2 Oracle E-Business Suite - versions 12.2.3 to 12.2.15 Oracle Hospitality OPERA 5 Property Services - versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28 Oracle REST Data Services - versions 24.2.0 to 26.1.0 Update 1 Open-source reporting indicates that CVE-2026-46817 is being exploited. The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations. Oracle Critical Security Patch Update Advisory - May 2026 Oracle Critical Patch Updates, Security Alerts and Bulletins","link":"https://cyber.gc.ca/en/alerts-advisories/oracle-security-advisory-av26-526","severity":"critical","cvss":null,"cves":["CVE-2026-46817"],"exploited":false,"has_exploit":false,"published_at":"2026-06-29T17:32:51+00:00"},{"id":"ac82b91b-4f7b-43ba-9fc7-58a5d8a6cd08","num":19595,"source_id":"cccs","external_id":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-640","title":"Microsoft Edge security advisory (AV26-640)","summary":"Serial number: AV26-640 Date: June 29, 2026 On June 26, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 149.0.4022.98 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Microsoft Edge Stable Channel Release Notes","link":"https://cyber.gc.ca/en/alerts-advisories/microsoft-edge-security-advisory-av26-640","severity":"unknown","cvss":null,"cves":[],"exploited":false,"has_exploit":false,"published_at":"2026-06-29T17:26:07+00:00"}]}