Two versions of IBM Cognos Analytics are vulnerable to cross-site scripting that could lead to an attacker obtaining private credentials.

Sources: IBM, NIST

Mozilla released security updates for Network Security Services to address a vulnerability that could allow an attacker to take control of affected systems.

Sources: Mozilla, CISA

Certain versions of FortiClientWindows and FortiClientEMS could allow an attacker to perform a DLL Hijack attack on affected devices due to a search path vulnerability.

Sources: Fortinet, NIST

Versions of MikroTik RouterOS through 6.42 have a path traversal vulnerability in the WinBox interface.

Sources: MikroTik, GitHub, CISA

Versions 2.4.48 and before of the Apache HTTP server are vulnerable to path traversal and remote code execution vulnerabilities.

Sources: Apache, NetApp, NIST

Qualcomm has an improper input validation vulnerability that can lead to memory corruption due to improper check to return error when a user requests memory allocation of a large size in eight Snapdragon products.

Sources: CISA, Qualcomm

CISA added five more vulnerabilities to its Known Exploited Vulnerabilities Catalog. These are vulnerabilities that are actively being exploited.

Sources: CISA, CISA

Trend Micro Antivirus for Mac 2021 v11 has an improper access control privilege escalation vulnerability.

Sources: Trend Micro, Zero Day Initiative, NIST