Germany

Mysimba Cardiovascular Risk and Annual Assessment Requirements

BfArM, in agreement with EMA, issued a Direct Healthcare Professional Communication regarding Mysimba (naltrexone/bupropion). The communication addresses long-term cardiovascular risks that have not been fully determined for patients treated beyond one year. New recommendations include discontinuation of treatment after one year if patients have not maintained at least 5% weight loss, and mandatory annual cardiovascular risk assessments for treatment continuation decisions.

Eberth Antibiotics - Outdated Package Inserts Create Patient Safety Risk

Dr. Friedrich Eberth Arzneimittel GmbH issued a Direct Healthcare Professional Communication (DHPC) via BfArM alerting that certain batches of nine antibiotic and antifungal products have outdated package inserts, creating a potential patient safety risk. Affected products include multiple strengths of cefazolin, cefotaxime, ceftazidime, ceftriaxone, levofloxacin, moxifloxacin, and voriconazole. Healthcare professionals are advised to discard outdated package inserts and refer to the current package inserts provided with the communication.

Accupaque Visipaque Batch Risk Alert: Particle Contamination in Iohexol Iodixanol Solutions

GE Healthcare Buchler GmbH & Co. KG issued a Direct Healthcare Professional Communication (DHPC) alerting to a potential risk of particles in certain batches of Accupaque (iohexol) and Visipaque (iodixanol) solutions for injection filled into polypropylene bottles. The company instructs that only clear, particle-free solutions may be used per the Summary of Product Characteristics (SmPC), and this must be verified prior to administration.

Phenhydan Injection: DHPC on Visual Particles, Filter Required

BfArM published an updated DHPC from Desitin Arzneimittel GmbH regarding Phenhydan solution for injection (phenytoin sodium), following particle contamination identified in batch 021950 during official sample analysis. The company clarified that a syringe filter with 0.2-0.45 µm pore size must be used when drawing up the solution, then removed before patient administration. This supersedes the November 2025 filter guidance which was corrected for accuracy.

Arixtra Recall: Needle Iron Particle Discoloration in Pre-filled Syringes

BfArM issued a Drug Safety Communication regarding Viatris Healthcare Limited's Arixtra (fondaparinux sodium) pre-filled syringes. Reports indicate brown discoloration and blockage in needles caused by oxidized iron particles. Affected batches must not be dispensed or administered if discoloration is observed.

Budibase Multiple Critical Vulnerabilities Allow Root Code Execution

CERT-Bund issued security advisory WID-SEC-2026-0990 disclosing multiple critical vulnerabilities in Budibase, an open-source low-code platform. Attackers can exploit these flaws to execute arbitrary code with root privileges, escalate to administrator rights, conduct XSS attacks, manipulate data, cause denial-of-service, or disclose confidential information. CVSS Base Score is 9.6 (critical) and Temporal Score is 8.6 (high). Remote attack is possible.

GitLab CE/EE Multiple Vulnerabilities CVSS 8.5 Allow Information Disclosure and Data Manipulation

CERT-Bund issued security advisory WID-SEC-2026-1010 identifying multiple vulnerabilities in GitLab CE/EE versions below 18.9.5, 18.10.3, and 18.8.9. The vulnerabilities carry a CVSS Base Score of 8.5 (high) and a CVSS Temporal Score of 7.4 (high), with remote attack capability confirmed. An attacker could exploit these flaws to disclose information, manipulate data, bypass security measures, cause denial-of-service conditions, or execute cross-site scripting attacks.

Apache Tomcat and Tomcat Native Multiple Vulnerabilities, CVSS 7.3

CERT-Bund issued security advisory WID-SEC-2026-1038 identifying multiple vulnerabilities in Apache Tomcat and Tomcat Native with a CVSS Base Score of 7.3 (high). Affected versions include Apache Tomcat <9.0.117, <10.1.54, <11.0.21, and Tomcat Native <1.3.7, <2.0.14. An attacker can exploit these flaws to bypass security measures, manipulate data, disclose confidential information, and conduct open-redirect attacks.

Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr

Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr

IBM Tivoli Network Manager Critical Vulnerabilities CVSS 9.8

CERT-Bund disclosed multiple critical vulnerabilities in IBM Tivoli Network Manager IP Edition below version 4.2.0.24 affecting Linux, UNIX, and Windows platforms. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to execute arbitrary code, conduct denial of service attacks, disclose information, and bypass security mechanisms. Mitigation measures are available.