Germany

BaFin Imposes Administrative Fine on aap Implantate AG

BaFin has imposed an administrative fine of 158,000 euros on aap Implantate AG for violating the German Securities Trading Act. The company failed to publish a required announcement regarding the availability of its 2024 half-yearly financial report.

Bundeskartellamt Clears LifeFit Group Acquisition of Just Fit Clubs

The German Bundeskartellamt has cleared the acquisition of 21 'Just Fit' branded fitness clubs by LifeFit Group, a portfolio company of Waterland. The review focused on the Cologne metropolitan area, where competition is dynamic and expected to remain so despite significant market share increments.

Dell Secure Connect Gateway Policy Manager Critical Vulnerabilities

CERT-Bund has issued a security advisory for Dell Secure Connect Gateway Policy Manager, detailing critical vulnerabilities (CVSS Base Score 9.8) that could allow remote attacks. The advisory affects versions prior to 5.34.00.14 and recommends mitigation.

Jenkins Vulnerabilities Allow Code Execution and Info Disclosure

CERT-Bund has issued a security advisory for Jenkins, detailing multiple vulnerabilities with a high CVSS base score. These vulnerabilities allow attackers to execute arbitrary code, bypass security measures, and disclose confidential information. Affected versions include Jenkins weekly <2.555 and Jenkins LTS <2.541.3.

Samba Vulnerability Allows Information Disclosure

CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.

Xpdf Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a denial-of-service vulnerability in the Xpdf PDF viewer. The vulnerability affects versions of Xpdf on Linux, UNIX, and Windows systems. The advisory provides information on the vulnerability and mitigation, noting a CVSS base score of 2.9.

Drupal Automated Logout Extension Vulnerability Allows File Manipulation

CERT-Bund has issued a security advisory regarding a vulnerability in Drupal's Automated Logout Extension. The vulnerability allows remote, anonymous attackers to manipulate files. Affected versions include Open Source Drupal Automated Logout <1.7.0 and <2.0.2.

WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure

CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.

Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.

IBM QRadar SIEM Critical Vulnerabilities

CERT-Bund has issued a security advisory regarding critical vulnerabilities in IBM QRadar SIEM, versions prior to 7.5.0 UP15. These vulnerabilities, with a CVSS Base Score of 9.8, allow for remote code execution, information disclosure, denial of service, and file manipulation.