A new vulnerability, CVE-2024-42195, has been identified in HCL DevOps Deploy and HCL Launch, enabling users to embed arbitrary HTML tags in the Web UI, causing potential sensitive information disclosure. HCL Software has urged users to update their systems to safeguard against exploitation. No workarounds or alternative mitigations are currently available.

Ivanti patches serious Connect Secure flaw
Ivanti has patched a critical flaw in its Connect Secure VPN reportedly exploited by Chinese state-backed actors. Identified as CVE-2025-22457, the buffer overflow vulnerability was