Since it's Patch Tuesday, several software providers have made patches available for a range of security flaws that affect their goods and services This article explores vulnerabilities fixed sap. . Six actively exploited zero-days in different Windows components were among the 59 vulnerabilities that Microsoft fixed.

These flaws could be used to circumvent security measures, escalate privileges, and cause a denial-of-service (DoS) condition. Updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK were also made available by Adobe. According to the company, none of the flaws are being exploited in the wild.

Two critical-severity vulnerabilities were fixed by SAP, including a code injection flaw in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS score: 9.9) that allowed an authenticated attacker to execute any SQL statement and compromise the entire database. In SAP NetWeaver Application Server ABAP and ABAP Platform, the second critical vulnerability is a case of a missing authorization check (CVE-2026-0509, CVSS score: 9.6) that may allow a low-privileged, authenticated user to execute specific background Remote Function Calls without the necessary S_RFC authorization. Onapsis stated that "customers must implement a kernel update and set a profile parameter" in order to fix the vulnerability.

It may be necessary to modify user roles and UCON settings in order to prevent business processes from being disrupted." Completing the list, Intel and Google reported that they collaborated to analyze the security of Intel Trust Domain Extensions (TDX) 1.5, finding nearly three dozen flaws, vulnerabilities, and recommendations for improvement in addition to five module vulnerabilities (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467). According to Google, "Intel TDX 1.5 introduces new features and functionality that bring confidential computing significantly closer to feature parity with traditional virtualization solutions."

"A highly privileged software component in the TCB [Trusted Computing Base] has become more complex as a result of these features." ### Other Vendor Software Patches Other vendors, such as ABB Amazon Web Services, have also released security updates in recent weeks to address a number of vulnerabilities. AMD, AMI, Apple, ASUS, AutomationDirect, AVEVA, Broadcom, and VMware Check Point for Canon Cisco Citrix ConnectWise Commvault D-Link Dassault Systèmes Dell Devolutions dormakaba Drupal F5 Fortinet Foxit Software Gigabyte GitLab Google Android and Pixel Google Chrome FUJIFILM Fujitsu Aruba Networking and Juniper Networks are included in Google Cloud Grafana Hikvision Hitachi Energy HP HP Enterprise.

AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and other Linux distributions from IBM Intel Ivanti Lenovo NVIDIA Phoenix Contact QNAP Qualcomm Ricoh Rockwell Automation, Ubuntu MediaTek, Mitsubishi Electric MongoDB, Mozilla Firefox, and Thunderbird n8n Siemens SolarWinds Splunk Spring Framework Samsung Schneider Electric ServiceNow The TP-Link WatchGuard from Supermicro Synology Zoom in Zoho ManageEngine and Zyxel