Dozens of Vendors Patch Critical and High-Risk Flaws
🔒 SAP, Microsoft, Adobe and many other vendors released patches this month for multiple critical and high‑risk vulnerabilities, including remote code execution and authentication bypasses. SAP addressed two critical flaws — CVE-2019-17571 (Log4j 1.2.17, CVSS 9.8) and CVE-2026-27685 (insecure deserialization, CVSS 9.1) — while Microsoft and Adobe shipped fixes for dozens more. Hewlett Packard Enterprise patched an Aruba AOS‑CX authentication bypass (CVE-2026-23813, CVSS 9.8). Organizations should prioritize fixes for RCE, insecure deserialization, and authentication-bypass issues on Internet-facing and management interfaces.
