A popular WordPress plugin that allows site owners to easily customize the contact form has a critical vulnerability that can be exploited to download and remotely modify the site's database, and gain access and control of the site - no account or authentication needed.
Symantec has issued updates for its Endpoint Protection solution that fix the zero-day escalation of privilege vulnerability recently discovered by Offensive Security researchers.
Developers of the I2P anonymous networking tool have released a new version (0.9.14) of the tool that fixes XSS and remote execution vulnerabilities reported by Exodus Intelligence.
Oracle's Quarterly Critical Patch Update (CPU) is never a minor event.
Microsoft has released the patches and it is a relatively light month.