SAP has released security updates to fix two serious vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The vulnerabilities are:
CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in the SAP Quotation Management Insurance application (FS-QUO)
CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization vulnerability in SAP NetWeaver Enterprise Portal Administration
SAP security company Onapsis said, "The application uses an old version of Apache Log4j 1.2.17 that is vulnerable to CVE-2019-17571."
"It lets an attacker with no privileges run any code on the server from a distance, which has a big effect on the application's confidentiality, integrity, and availability."
CVE-2026-27685, on the other hand, stems from missing or insufficient validation when deserializing uploaded content, which could let an attacker upload untrusted or malicious content. Onapsis said, "The only thing that keeps the vulnerability from getting a CVSS score of 10 is that an attacker needs high privileges to exploit it."
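An added example, not from the original article or from SAP or Onapsis: because the first issue is an outdated Log4j 1.2.17 bundled inside an application, this Python check inventories archives, including nested ones, for Log4j 1.x copies by looking for the SocketServer class that CVE-2019-17571 concerns. The archive names, the pom.properties path, the size limit and the sample data are assumptions; a hit is a lead for patch review, not proof of exposure.

```python
import io
import zipfile

# Class that CVE-2019-17571 concerns; its presence marks a Log4j 1.x code base.
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"
# Maven metadata path (assumption: shipped in the bundled jar; else "unknown").
POM_PROPS = "META-INF/maven/log4j/log4j/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 200 * 1024 * 1024  # skip nested archives larger than this (assumed cap)

def _version(zf):
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return "unknown"
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"

def scan_archive(data, label, depth=0, max_depth=5):
    """Yield (location, version) for each Log4j 1.x copy, including nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        if SOCKET_SERVER in zf.namelist():
            yield label, _version(zf)
        for info in zf.infolist():
            nested = info.filename.lower().endswith(ARCHIVE_EXT)
            if nested and depth < max_depth and info.file_size <= MAX_NESTED:
                yield from scan_archive(zf.read(info), f"{label}!/{info.filename}",
                                        depth + 1, max_depth)

def make_zip(entries):
    """Build a constructed in-memory archive from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():
    # Constructed sample: a WAR bundling a Log4j 1.2.17 jar and an unrelated jar.
    log4j = make_zip({SOCKET_SERVER: b"", POM_PROPS: b"groupId=log4j\nversion=1.2.17\n"})
    other = make_zip({"com/example/App.class": b""})
    war = make_zip({"WEB-INF/lib/log4j-1.2.17.jar": log4j, "WEB-INF/lib/app.jar": other})
    return list(scan_archive(war, "sample.war"))
```

To check a real deployment unit, read its bytes and pass them to `scan_archive(data, path)`.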
Microsoft recently released patches for 84 security holes in its products, including many that let hackers gain higher privileges or run code remotely.
Adobe also announced patches for 80 security holes on Tuesday. Four of these are critical flaws that affect Adobe Commerce and Magento Open Source and could allow privilege escalation and security feature bypass. It also fixed five serious vulnerabilities in Adobe Illustrator that could lead to arbitrary code execution.
Hewlett Packard Enterprise also released fixes for five problems with Aruba Networking AOS-CX. CVE-2026-23813 (CVSS score: 9.8) is the most serious flaw. It is an authentication bypass that affects the management interface. HPE said, "There is a security hole in the web-based management interface of AOS-CX switches that could let an unauthenticated remote actor get around existing authentication controls."
"This might let you reset the admin password in some cases."
Ross Filipek, CISO at Corsica Technologies, said in a statement, "If this Aruba vulnerability is exploited, attackers could potentially gain full control of AOS-CX network devices and compromise an entire system without being detected." "A successful breach could cause network communications to stop working or damage the integrity of important business services."
This flaw is a reminder that network devices are becoming more vulnerable in today's highly connected world. Organizations are at great risk when attackers get privileged access to these devices.
Over the past few weeks, other vendors have also released security updates to fix a number of vulnerabilities: ABB, Amazon Web Services, AMD, Arm, Atlassian, Bosch, Broadcom (including VMware), Canon, Cisco, Commvault, Dassault Systèmes, Dell, Devolutions, Drupal, Elastic, F5, Fortinet, Fortra, Foxit Software, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Google Pixel Watch, Google Wear OS, Grafana, Hitachi Energy, Honeywell, HP, HP Enterprise (including Aruba Networking and Juniper Networks), IBM, Intel, Ivanti, Jenkins, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitsubishi Electric, Moxa, Mozilla (Firefox, Firefox ESR, and Thunderbird), NVIDIA, Palo Alto Networks, QNAP, Qualcomm, Ricoh, Samsung, Schneider Electric, ServiceNow, Siemens, SolarWinds, Splunk, Synology, TP-Link, Trend Micro, WatchGuard, Western Digital, Zoom, and Zyxel.












