CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Atlassian, GitLab, Zoom Release Security Patches

Fixes were rolled out for over two dozen vulnerabilities, including critical- and high-severity bugs. The post Atlassian, GitLab, Zoom Release Security Patches appeared first on SecurityWeek.

Atlassian security updates

Atlassian, GitLab, and Zoom this week announced security patches that address over two dozen vulnerabilities across their products.

Updates rolled out for Atlassian’s Bamboo, Bitbucket, Confluence, Crowd, and Jira products include 32 security patches for critical- and high-severity vulnerabilities.

Most of the flaws impact third-party dependencies and were publicly disclosed over the past two years. Three of these bugs, however, are from 2021 and 2022.

Atlassian’s January 2026 security bulletin mentions two critical defects in Bamboo and Confluence Data Center and Server, tracked as CVE-2025-12383 and CVE-2025-66516, and impacting Eclipse Jersey and Apache Tika, respectively.

According to Atlassian’s advisories, the flaws present “a lower, non-critical assessed risk” to its users.

All the remaining 23 CVEs listed in the company’s security bulletin are high-severity vulnerabilities, and for 22 of them, Atlassian mentions the third-party dependency affected.

The bulletin also lists CVE-2026-21569, an XXE (XML External Entity) injection bug in Crowd Data Center and Server that could allow an authenticated attacker to access content without user interaction.

On Wednesday, GitLab released GitLab Community Edition (CE) and Enterprise Edition (EE) versions 18.8.2, 18.7.2, and 18.6.4 with fixes for five vulnerabilities.

Three of the bugs, tracked as CVE-2025-13927, CVE-2025-13928, and CVE-2026-0723, are high-severity issues that could lead to denial-of-service (DoS) conditions or two-factor authentication (2FA) bypasses.

The remaining flaws are medium-severity defects that could lead to DoS conditions, GitLab notes in its advisory.

Zoom this week announced fixes for a critical-severity command injection vulnerability in Node Multimedia Routers (MMRs).

Tracked as CVE-2026-22844 (CVSS score of 9.9), the issue could allow meeting participants to execute arbitrary code remotely on the MMR.

Zoom resolved the flaw in the Node Meetings Hybrid (ZMH) MMR module and Node Meeting Connector (MC) MMR module version 5.2.1716.0.

Users are advised to review the Atlassian, GitLab, and Zoom security bulletins and update their instances as soon as possible.

Related: Oracle’s First 2026 CPU Delivers 337 New Security Patches

Related: TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

Related: Cisco Patches Vulnerability Exploited by Chinese Hackers

Related: Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM

Latest News

CYBERNEWSMEDIAPublisher