Critical Vulnerability in TP-Link Archer Products

The Cyber Security Agency of Singapore has issued a critical alert regarding multiple vulnerabilities in TP-Link Archer products (NX200, NX210, NX500, NX600). Users are strongly advised to update affected product firmware immediately to mitigate risks of unauthorized access and command execution.

Urgent Notice Cybersecurity

CISA Advisory: OpenCode Systems OC Messaging and USSD Gateway Vulnerability

CISA has issued an advisory regarding a critical vulnerability (CVE-2025-70614) in OpenCode Systems OC Messaging and USSD Gateway version 6.32.2. Successful exploitation could allow an authenticated low-privileged user to gain unauthorized access to SMS messages. OpenCode Systems has released version 6.33.11 to address the vulnerability.

Priority review Notice Cybersecurity

CISA Adds CVE-2026-33634 to Known Exploited Vulnerabilities Catalog

CISA has added CVE-2026-33634, an Aqua Security Trivy vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This action mandates remediation for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01.

Priority review Notice Cybersecurity

WAGO Industrial Managed Switches Vulnerability Disclosed

CISA has disclosed a critical vulnerability (CVE-2026-3587) affecting multiple versions of WAGO Industrial Managed Switches. An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to gain full compromise of the device. Affected sectors include Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems.

Priority review Notice Cybersecurity

PTC Windchill Vulnerability Allows Remote Code Execution

CISA issued an advisory regarding a critical remote code execution vulnerability (CVE-2026-4681) affecting multiple versions of PTC Windchill and FlexPLM. Successful exploitation could allow an attacker to gain control of affected systems.

Urgent Notice Cybersecurity

Multiple Cisco IOS and IOS XE Vulnerabilities Identified

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Cisco IOS and IOS XE. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or bypass security policies. Cisco has released security bulletins with details and patches.

Priority review Notice Cybersecurity

Microsoft Product Vulnerabilities Identified

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Microsoft products. These vulnerabilities could allow an attacker to exploit unspecified security issues. Users are advised to consult Microsoft's security bulletins for patch information.

Priority review Notice Cybersecurity

Multiple Grafana Vulnerabilities Allow Remote Code Execution

CERT-FR has issued an advisory regarding multiple critical vulnerabilities discovered in Grafana software. These vulnerabilities, identified as CVE-2026-27876 and CVE-2026-27880, can allow remote attackers to execute arbitrary code or cause a denial of service.

Urgent Notice Cybersecurity

Multiple ISC BIND Vulnerabilities Disclosed

CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in ISC BIND software. These vulnerabilities could lead to data confidentiality breaches, security policy bypass, and remote denial-of-service attacks. Affected versions require immediate patching.

Priority review Notice Cybersecurity
Garante Privacy News

Garante Privacy Fines Enel Energia Over €500k for Telemarketing Violations

Italy's Garante Privacy has fined Enel Energia over €500,000 for alleged violations related to telemarketing practices. The newsletter also mentions other enforcement actions concerning online advertisements, debt collection communications, and risks to minors on websites and apps.

Priority review Enforcement Consumer Protection

Docker Vulnerabilities Advisory

CERT-Bund has issued an advisory regarding multiple vulnerabilities in Docker, with a CVSS base score of 8.8. The vulnerabilities allow local attackers to bypass security measures and disclose information. A patch is available.

Priority review Notice Cybersecurity

Red Hat Enterprise Linux ncurses Vulnerability Allows Code Execution

CERT-Bund has issued an advisory for a vulnerability in Red Hat Enterprise Linux (ncurses) that allows local attackers to execute arbitrary code. The advisory assigns a CVSS Base Score of 7.3 (high) and a Temporal Score of 6.4 (medium). Mitigation is available.

Priority review Notice Cybersecurity

Cisco IOS/XE Vulnerabilities - Remote Attack Possible

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Cisco IOS and IOS XE software, with a CVSS base score of 8.6. These vulnerabilities allow for remote attacks, potentially leading to extended privileges, code execution, and denial-of-service conditions. Mitigation measures are available.

Priority review Notice Cybersecurity

Cisco Catalyst SD-WAN Manager XSS Vulnerability

CERT-Bund has issued a security advisory for Cisco Catalyst SD-WAN Manager, detailing a Cross-Site Scripting (XSS) vulnerability. The advisory provides affected product versions and a CVSS score indicating a medium severity. Mitigation guidance is available.

Priority review Notice Cybersecurity

IBM Operational Decision Manager Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in IBM Operational Decision Manager. The vulnerabilities, with a base CVSS score of 7.4, allow attackers to bypass security measures and manipulate files. Affected versions include various interim fixes across multiple release lines.

Priority review Notice Cybersecurity

libpng Vulnerabilities Allow Remote Code Execution and Denial of Service

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the libpng library, affecting versions prior to 1.6.56. These vulnerabilities could allow remote attackers to execute arbitrary code or cause a denial of service. The advisory provides mitigation information and details on affected systems.

Priority review Notice Cybersecurity

SolarWinds Platform XSS Vulnerabilities Identified

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the SolarWinds Platform that could allow for Cross-Site Scripting (XSS) attacks. The advisory provides details on affected versions and mitigation strategies. The identified vulnerabilities have a CVSS Base Score of 6.5, rated as medium.

Priority review Notice Cybersecurity

Langflow Vulnerability Allows File Manipulation

CERT-Bund has issued a security advisory for Langflow versions prior to 1.5.1 and Langflow Base prior to 0.5.1, detailing a vulnerability that allows remote, authenticated attackers to manipulate files. The advisory highlights a CVSS base score of 8.8, indicating a high severity.

Priority review Notice Cybersecurity

IBM InfoSphere Information Server Vulnerability Allows Security Bypass

CERT-Bund has issued a security advisory for IBM InfoSphere Information Server, detailing a vulnerability that allows remote attackers to bypass security measures. The advisory provides a CVSS base score of 6.5 and affects versions prior to 11.7.1.6 DT458455 on Linux, UNIX, and Windows systems.

Priority review Notice Cybersecurity

Cisco IOS, IOS XE, Secure Firewall Threat Defense Denial of Service Vulnerability

CERT-Bund has issued a security advisory regarding a Denial of Service vulnerability affecting Cisco IOS, Cisco IOS XE, and Cisco Secure Firewall Threat Defense. The vulnerability has a CVSS Base Score of 8.6 and can be exploited remotely.

Priority review Notice Cybersecurity

OpenBao Vulnerabilities Allow Security Bypass and XSS Attacks

CERT-Bund has issued a security advisory for OpenBao, detailing critical vulnerabilities (CVSS Base Score 9.6) that allow remote attackers to bypass security measures or perform XSS attacks. The advisory affects Open Source OpenBao versions prior to 2.5.2 running on Linux and UNIX.

Priority review Notice Cybersecurity

RealObjects PDFreactor Multiple Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in RealObjects PDFreactor versions prior to 12.5. The vulnerabilities have a high CVSS base score of 8.8 and allow for remote attacks, potentially leading to code execution, denial-of-service, data manipulation, and information disclosure. Mitigation is available.

Priority review Notice Cybersecurity

BIND Vulnerabilities Allow Remote Denial of Service Attacks

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Internet Systems Consortium BIND software. These vulnerabilities, with a CVSS Base Score of 7.5, could allow remote attackers to perform denial-of-service attacks or bypass security measures. Affected versions include BIND <9.18.47, <9.20.21, and <9.21.20.

Priority review Notice Cybersecurity

GIMP Vulnerability: Denial of Service and Information Disclosure

CERT-Bund has issued a security advisory for GIMP, detailing a vulnerability that could allow remote attackers to cause a denial of service or disclose information. The advisory provides a CVSS Base Score of 4.4 (medium) and a Temporal Score of 4.1 (medium). Mitigation measures are not yet available.

Priority review Notice Cybersecurity

IBM License Metric Tool Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in IBM License Metric Tool versions prior to 9.2.43. The vulnerabilities, with a CVSS base score of 7.5, could allow remote attackers to disclose information, perform cross-site scripting attacks, or cause a denial of service. Mitigation is available.

Priority review Notice Cybersecurity

FreeRDP Vulnerabilities Allow Remote Code Execution, DoS

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities could allow remote attackers to execute arbitrary code, cause denial-of-service, or disclose sensitive information. The advisory affects Fedora Linux and Open Source FreeRDP versions prior to 3.24.2.

Priority review Notice Cybersecurity

Linux Kernel Multiple Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the Linux Kernel, with a base CVSS score of 7.3. The advisory indicates that remote attacks are possible and mitigation measures are available. The affected products include the Open Source Linux Kernel.

Priority review Notice Cybersecurity

FreeBSD OS Vulnerabilities Allow DoS, Code Execution, Bypass

CERT-Bund has issued a security advisory for FreeBSD OS, detailing multiple vulnerabilities with a CVSS base score of 7.5. Exploitation could lead to denial of service, arbitrary code execution, and security bypass. The advisory affects FreeBSD OS versions prior to 15.0, 14.4, and 13.5.

Priority review Notice Cybersecurity

n8n Workflow Tool Critical Vulnerabilities

CERT-Bund has issued a security advisory for the n8n workflow automation tool, highlighting critical vulnerabilities with a CVSS score of 9.9. The advisory affects n8n versions prior to 2.13.4 and warns of potential remote attacks leading to privilege escalation, code execution, and data manipulation.

Urgent Notice Cybersecurity

Znuny Vulnerabilities - Remote Attack Possible

CERT-Bund has issued a security advisory for Znuny, an open-source ticketing software, detailing multiple vulnerabilities with a CVSS base score of 7.5. These vulnerabilities allow for remote attacks, including information disclosure, data manipulation, and cross-site scripting. Mitigation is available.

Priority review Notice Cybersecurity
ICO Enforcement

ICO fines TMAC Ltd £100,000 for PECR breaches

The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). The company made over 260,000 unsolicited marketing calls to individuals registered on the Telephone Preference Service and failed to provide required caller information.

Urgent Enforcement Consumer Protection

Langflow Code Injection Vulnerability CVE-2026-33017

CISA has added a critical code injection vulnerability (CVE-2026-33017) in Langflow versions prior to 1.9.0 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows unauthenticated remote code execution due to improper handling of attacker-controlled Python code in public flow definitions.

Urgent Enforcement Cybersecurity
IAPP Privacy News

Brazil Court Limits Identifiable Data Sharing Without Consent

Brazil's Superior Court of Justice has ruled that identifiable registration data, such as names and estimated income, cannot be shared with third parties by credit bureaus without explicit consent. This decision clarifies the interpretation of Brazil's General Data Protection Law (LGPD) in the credit market, distinguishing between internal credit risk analysis and external data sharing.

Priority review Enforcement Data Privacy
IAPP Privacy News

DataGrail AI Agent Automates Privacy Compliance

DataGrail has released its Vera AI agent, embedded within its existing platform, to help privacy teams automate compliance tasks and risk assessments. The tool aims to address the challenges of integrating AI into privacy operations and meet jurisdictional data privacy requirements, particularly in light of increasing AI investments.

Priority review Guidance Data Privacy
SWIFT News

ISO 20022: Removal of Unstructured Addresses by November 2026

SWIFT has announced that unstructured postal addresses will be removed from ISO 20022 payment messages by November 2026. This change, driven by community request, aims to improve data quality, enable greater automation, and enhance compliance screening in cross-border payments.

Priority review Notice Financial Services

Critical NetScaler ADC/Gateway Vulnerability Alert

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding critical vulnerabilities in NetScaler ADC and NetScaler Gateway. Users are strongly advised to update their systems immediately to mitigate risks of sensitive information disclosure and session compromise.

Urgent Notice Cybersecurity

INCIBE Fined 2,000 Euros for GDPR Breach

The Spanish Data Protection Agency (AEPD) has upheld a 2,000 Euro fine against INCIBE for a GDPR breach. The breach occurred on INCIBE's Moodle training platform, exposing student names, emails, cities, and countries due to a default privacy configuration error. INCIBE appealed the initial resolution.

Priority review Enforcement Data Privacy

EUSKALTEL fined €100,000 for GDPR non-compliance

The Spanish Data Protection Agency (AEPD) has fined EUSKALTEL €100,000 for non-compliance with GDPR, specifically related to a violation of Article 58.2 and Article 83.6. The company was ordered to comply with imposed measures within three months. This resolution is on appeal from a prior decision.

Urgent Enforcement Data Privacy

EDPB Guidelines on Processing Personal Data Based on Legitimate Interests

The European Data Protection Board (EDPB) has issued Guidelines 1/2024 for public consultation, focusing on the lawful processing of personal data under Article 6(1)(f) of the GDPR, specifically the 'legitimate interests' basis. The guidelines also address the relationship between this legal basis and data subject rights. The consultation period closes on November 20, 2024.

Priority review Consultation Data Privacy
ICO News & Blogs

ICO and Ofcom Joint Statement on Age Assurance

The UK's ICO and Ofcom have issued a joint statement clarifying the interaction between online safety and data protection laws concerning age assurance for online services. The statement aims to assist organisations in complying with both sets of obligations when protecting children online.

Priority review Guidance Data Privacy

Citrix NetScaler ADC/Gateway Vulnerabilities

The UK NCSC has issued an alert regarding two critical vulnerabilities (CVE-2026-3055 and CVE-2026-4368) affecting Citrix NetScaler ADC and Gateway products used by UK organizations. Immediate action is recommended to install updated versions and mitigate potential security risks.

Urgent Notice Cybersecurity