VYPR
patchPublished Jul 15, 2026· 1 source

Multiple Vendors Release Critical Updates for Browsers, Adobe Products, and VMware

Mozilla, Google, Adobe, and Broadcom have issued urgent security updates to address a range of critical vulnerabilities affecting their popular software products.

Mozilla has released critical updates for its Firefox browser to patch two vulnerabilities, CVE-2026-15718 and CVE-2026-15719. The first, an invalid pointer issue within the WebAssembly component, and the second, a site isolation flaw in the DOM: Navigation component, have seen exploit code published publicly. While Mozilla has stated it is not aware of any active exploitation in the wild, the availability of exploit code underscores the urgency for users to update to Firefox version 152.0.6.

Simultaneously, Google has addressed 15 security flaws in its Chrome browser, including two critical use-after-free vulnerabilities in the Ozone abstraction layer. These flaws, identified as CVE-2026-15764 and CVE-2026-15765, could allow remote attackers to exploit heap corruption through specially crafted HTML pages. Patches are available for Chrome versions 150.0.7871.124/.125 on Windows and Mac, and 150.0.7871.124 on Linux.

Adobe has also been busy, releasing security updates for a staggering 88 vulnerabilities across multiple products. Notably, eight critical flaws impacting Adobe ColdFusion have been remediated, including a path traversal vulnerability (CVE-2026-48318) with a CVSS score of 9.9 that could lead to arbitrary code execution, and a code injection vulnerability (CVE-2026-48322) with a CVSS score of 9.6. These issues are fixed in ColdFusion 2025 Update 11 and ColdFusion 2023 Update 22.

Further Adobe updates address critical vulnerabilities in Adobe Commerce, Magento Open Source, and Adobe Experience Manager. These include a file upload flaw in Commerce/Magento (CVE-2026-48356) and server-side request forgery (CVE-2026-48259) and XML external entity (CVE-2026-48359) vulnerabilities in Experience Manager, all carrying high CVSS scores and potential for significant compromise.

In the virtualization space, Broadcom has issued a fix for a critical authentication bypass vulnerability (CVE-2026-47865) in VMware Avi Load Balancer. This flaw, with a CVSS score of 9.8, could allow a network-accessible malicious user to gain access to the Avi Control plane. Filip Waeytens of the NATO Cyber Security Centre is credited with discovering this vulnerability.

While none of these newly disclosed vulnerabilities are confirmed to be actively exploited in the wild, the sheer volume and severity of the flaws across these widely used platforms highlight a persistent and evolving threat landscape. Organizations are strongly advised to prioritize the application of these patches to mitigate potential risks.

Synthesized by Vypr AI