Wiz Research has discovered several vulnerabilities in the ingress-nginx Controller for Kubernetes. These vulnerabilities could expose all secrets stored across all namespaces in the Kubernetes cluster.

Fortra is actively researching multiple vulnerabilities impacting rsync: CVE-2024-12084: CVSS 3.1: 9.8, CVE-2024-12085: CVSS 3.1: 7.5, CVE-2024-12086: CVSS 3.1: 6.1, CVE-2024-12087: CVSS 3.1: 6.5, CVE-2024-12088: CVSS 3.1: 6.5, CVE-2024-12747: CVSS 3.1: 5.6.

Fortra is actively researching a critical authentication bypass vulnerability CVE-2024-55591 in the Node.js websocket module affecting FortiOS firewalls and FortiProxy web gateways. This vulnerability affects FortiOS firewalls and FortiProxy web gateways and has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls.

Fortra is actively researching vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways – CVE-2025-0282 and CVE-2025-0283. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution, while CVE-2025-0283 could allow a local authenticated attacker to escalate privileges. Ivanti has begun to release patches for these vulnerabilities, and customers should upgrade as soon as relevant patches are released.

Fortra is actively researching a vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software – CVE-2024-3393. This vulnerability could allow an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. Palo Alto has released fixes for this vulnerability, and customers are encouraged to update to a fixed version as soon as possible.