Recent changes
Tuesday, March 17, 2026
NetBox Cross-Site Scripting Vulnerability Advisory
CERT-Bund has issued a security advisory for NetBox, detailing a vulnerability that allows Cross-Site Scripting attacks. The vulnerability affects NetBox version 4.3.5, and the advisory provides information on mitigation strategies.
Gitea Vulnerabilities Allow Bypass, Data Manipulation, Disclosure
CERT-Bund has issued a security advisory for Gitea, detailing multiple vulnerabilities with a CVSS base score of 7.3. These vulnerabilities can allow attackers to bypass security measures, manipulate data, and disclose confidential information. Users are advised to update to Gitea version 1.25.5 or later.
Kubernetes Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory (WID-SEC-2026-0738) regarding a vulnerability in Kubernetes that allows remote authenticated attackers to manipulate files. The vulnerability affects the Open Source Kubernetes CSI Driver for NFS versions prior to 4.13.1 and has a CVSS Base Score of 6.5.
libexif Vulnerability Allows Code Execution and Denial-of-Service
CERT-Bund has issued a security advisory regarding a vulnerability in the libexif library (versions <=0.6.25). The vulnerability allows local attackers to execute arbitrary code, cause a denial-of-service, or disclose confidential information. Mitigation is available.
FFmpeg Vulnerability Allows Denial of Service and Information Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0740) regarding a vulnerability in the FFmpeg RV60 video decoder. The vulnerability allows remote attackers to cause a Denial of Service or disclose information. Affected versions include Open Source ffmpeg <8.1, 8.0, and 8.0.1.
CPython Vulnerabilities Allow File Manipulation and DoS
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in CPython versions prior to 3.15.0. These vulnerabilities can be exploited by authenticated remote attackers to manipulate files or cause a denial-of-service condition. The advisory provides mitigation information for affected systems.
Octopus Deploy Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory for Octopus Deploy, detailing a vulnerability that allows remote authenticated attackers to manipulate files. The vulnerability affects specific versions of Octopus Deploy running on Linux and Windows, and the advisory provides mitigation information.
OpenClaw AI Assistant Vulnerabilities
CERT-Bund has issued a security advisory for OpenClaw, an AI assistant, detailing multiple vulnerabilities with a high CVSS base score of 8.1. The advisory urges users to mitigate the risks associated with privilege escalation and confidential information disclosure.
ImageMagick Vulnerability Allows Remote Denial of Service
CERT-Bund has issued a security advisory for ImageMagick, detailing a vulnerability that allows remote denial of service attacks. The vulnerability affects Open Source ImageMagick versions <7.1.2-17 and <6.9.13-42 on Linux, UNIX, and Windows systems.
Mattermost Vulnerabilities: Remote Attack Possible
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mattermost Server versions prior to 11.4.0, 11.3.1, 11.2.3, 10.11.11, 11.6.0, 10.11.13, 11.5.1, 11.4.3, and 10.11.13. These vulnerabilities have a CVSS base score of 7.3 and allow for remote attacks.