TYPO3 Extensions Multiple Vulnerabilities
CERT-Bund has issued a security advisory for multiple vulnerabilities in TYPO3 Extensions, including Mailqueue and Redirect Tab. The vulnerabilities have a CVSS base score of 7.5 and can allow for remote code execution or information disclosure.
Red Hat Linux Vulnerability Allows Privilege Escalation and Info Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0756) regarding a vulnerability in Red Hat Enterprise Linux versions prior to 10 and version 9. The vulnerability allows local attackers to escalate privileges and disclose information. The CVSS score is 6.8.
Apache Airflow Multiple Vulnerabilities Advisory
CERT-Bund has issued a security advisory for Apache Airflow, detailing multiple vulnerabilities with a CVSS score of 8.6. The advisory affects versions prior to 3.1.8 and impacts Linux and UNIX operating systems. Exploitation could lead to security bypass and information disclosure.
Linux Kernel Vulnerabilities Allow Security Bypass
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the Linux Kernel, identified as WID-SEC-2026-0754. These vulnerabilities allow attackers to bypass security measures, with a CVSS Base Score of 6.5. Several versions of the Open Source Linux Kernel are affected.
IBM SPSS Multiple Vulnerabilities Advisory
CERT-Bund has issued a security advisory for IBM SPSS, detailing multiple vulnerabilities with a CVSS score of 8.2. These vulnerabilities allow for remote attacks, including cross-site scripting and denial of service. Affected systems include Linux, UNIX, and Windows.
KeePassXC Vulnerability Allows Privilege Escalation
CERT-Bund has issued a security advisory for KeePassXC, detailing a vulnerability that allows local attackers to escalate privileges. The advisory affects versions prior to 2.7.12 on Linux, UNIX, and Windows systems.
GIMP Vulnerabilities Allow Remote Code Execution
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in GIMP, a popular open-source image editing software. These vulnerabilities, with a CVSS Base Score of 7.8, could allow remote attackers to execute arbitrary code on affected systems running Linux, UNIX, or Windows.
Varnish HTTP Cache Vulnerability Allows Security Bypass
CERT-Bund has issued a security advisory (WID-SEC-2026-0749) regarding a vulnerability in Varnish HTTP Cache versions prior to 8.0.1, 9.0, 6.0.17, and 6.0.16r12. The vulnerability allows remote attackers to bypass security measures, with a CVSS base score of 6.5.
EU AI in Healthcare Market Study and Recommendations
A new study commissioned by the EU's DG CONNECT analyzes the EU digital health market, projecting significant growth driven by AI adoption. The study highlights the increasing integration of AI in healthcare and proposes policy recommendations to boost innovation and support SMEs.
CERT-FR: Multiple vulnerabilities in Mattermost Server
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Mattermost Server. These vulnerabilities could allow an attacker to bypass security policies. Users are advised to consult Mattermost's security bulletins for patch information.
Multiple Vulnerabilities in Kaspersky Products Identified
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in various Kaspersky product versions. These vulnerabilities could allow an attacker to cause unspecified security issues. Users are advised to consult Kaspersky's security bulletin for patch information.
Multiple Python Vulnerabilities Affect CPython Systems
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Python, specifically affecting CPython systems without the latest security patches. These vulnerabilities could lead to security policy bypass. Users are advised to consult the editor's security bulletins for available patches.
Microsoft Edge Vulnerability CVE-2026-3909
CERT-FR has issued a security advisory regarding a vulnerability in Microsoft Edge, identified as CVE-2026-3909. The advisory notes that this vulnerability is actively being exploited and affects versions prior to 146.0.3856.62.
CERT-FR: Multiple Xen Vulnerabilities Disclosed
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Xen versions 4.17.x and 4.18.x. These vulnerabilities could lead to data breaches, remote denial of service, and privilege escalation. Users are advised to apply security patches provided by Xen.
CERT-FR: Multiple Spring AI Vulnerabilities, SQL Injection Risks
CERT-FR has issued an advisory regarding multiple vulnerabilities in Spring AI, versions 1.0.x prior to 1.0.4 and 1.1.x prior to 1.1.3. These vulnerabilities allow for SQL injection and security policy bypass. Users are advised to consult the vendor's security bulletins for patch information.
CERT-FR: Multiple Redmine Vulnerabilities Identified
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Redmine software. The vulnerabilities include Cross-Site Scripting (XSS) and security policy bypass, affecting specific versions of Redmine. Users are advised to consult the Redmine security advisories for patch information.
Microsoft Products Vulnerability CVE-2026-32249 Discovered
CERT-FR has issued a notice regarding a vulnerability (CVE-2026-32249) discovered in Microsoft products. The advisory details affected systems and directs users to Microsoft's security bulletin for patches.
libexif Vulnerability Allows Code Execution and Denial-of-Service
CERT-Bund has issued a security advisory regarding a vulnerability in the libexif library (versions <=0.6.25). The vulnerability allows local attackers to execute arbitrary code, cause a denial-of-service, or disclose confidential information. Mitigation is available.
CPython Vulnerabilities Allow File Manipulation and DoS
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in CPython versions prior to 3.15.0. These vulnerabilities can be exploited by authenticated remote attackers to manipulate files or cause a denial-of-service condition. The advisory provides mitigation information for affected systems.
OpenClaw AI Assistant Vulnerabilities
CERT-Bund has issued a security advisory for OpenClaw, an AI assistant, detailing multiple vulnerabilities with a high CVSS base score of 8.1. The advisory urges users to mitigate the risks associated with privilege escalation and confidential information disclosure.
ImageMagick Vulnerability Allows Remote Denial of Service
CERT-Bund has issued a security advisory for ImageMagick, detailing a vulnerability that allows remote denial of service attacks. The advisory affects versions prior to Open Source ImageMagick <7.1.2-17 and <6.9.13-42, impacting Linux, UNIX, and Windows systems.
Mattermost Vulnerabilities: Remote Attack Possible
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mattermost Server versions prior to 11.4.0, 11.3.1, 11.2.3, 10.11.11, 11.6.0, 10.11.13, 11.5.1, 11.4.3, and 10.11.13. These vulnerabilities have a CVSS base score of 7.3 and allow for remote attacks.
OpenCTI Vulnerability Allows Bypassing Security Measures
CERT-Bund has issued a security advisory for OpenCTI, a cyber threat intelligence platform. A vulnerability (CVE) allows remote, authenticated attackers to bypass security measures. The advisory affects OpenCTI versions prior to 6.9.1.
Langflow Vulnerabilities Allow Code Execution and Security Bypass
CERT-Bund has issued a security advisory (WID-SEC-2026-0747) regarding critical vulnerabilities in Langflow versions <=1.8.1 and <1.7.2. These flaws allow remote code execution and security bypass, with a CVSS base score of 10.0. Mitigation is available.
Vercel Next.js Vulnerabilities Allow DoS or Security Bypass
CERT-Bund has issued a security advisory for Vercel Next.js, detailing vulnerabilities that could allow remote attackers to perform Denial of Service attacks or bypass security measures. The advisory affects versions prior to 16.1.7 and 15.5.13, with a CVSS base score of 6.5.
Octopus Deploy Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory for Octopus Deploy, detailing a vulnerability that allows remote authenticated attackers to manipulate files. The advisory affects specific versions of Octopus Deploy running on Linux and Windows and provides mitigation information.
NetBox Cross-Site Scripting Vulnerability Advisory
CERT-Bund has issued a security advisory for NetBox, detailing a vulnerability that allows for Cross-Site Scripting attacks. The advisory affects NetBox version 4.3.5 and provides information on mitigation strategies.
Gitea Vulnerabilities Allow Bypass, Data Manipulation, Disclosure
CERT-Bund has issued a security advisory for Gitea, detailing multiple vulnerabilities with a CVSS base score of 7.3. These vulnerabilities can allow attackers to bypass security measures, manipulate data, and disclose confidential information. Users are advised to update to Gitea version 1.25.5 or later.
Kubernetes Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory (WID-SEC-2026-0738) regarding a vulnerability in Kubernetes that allows remote authenticated attackers to manipulate files. The vulnerability affects the Open Source Kubernetes CSI Driver for NFS versions prior to 4.13.1 and has a CVSS Base Score of 6.5.
FFmpeg Vulnerability Allows Denial of Service and Information Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0740) regarding a vulnerability in the FFmpeg RV60 video decoder. The vulnerability allows remote attackers to cause a Denial of Service or disclose information. Affected versions include Open Source ffmpeg <8.1, 8.0, and 8.0.1.
ENISA Chairs EU Agencies Network, Strengthens Cybersecurity
ENISA has taken over the chair of the EU Agencies Network (EUAN) for 2025-2026, focusing on implementing a new governance framework and strengthening cybersecurity across EU agencies. A Memorandum of Understanding was signed to reassert cooperation on shared services, including HR, cybersecurity, and legal services.
CISA KEV: Wing FTP Server Path Disclosure Vulnerability
CISA has added CVE-2025-47813, a path disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects versions prior to 7.4.4 and requires specific conditions to exploit.
DHS Arrests Afghan National with Prior Indecent Exposure Conviction
DHS announced the arrest of an Afghan national, Basir Ahmad Safi, who was paroled into the U.S. under Operation Allies Welcome and later convicted of indecent exposure to a minor. Safi faces multiple charges including lewd or lascivious exhibition and child abuse.
DHS: Criminal Illegal Alien Weaponized Vehicle Against ICE in Vermont
The Department of Homeland Security (DHS) issued a press release regarding a criminal illegal alien who weaponized a vehicle against ICE law enforcement officers in Vermont. The individual, Deyvi Daniel Corona-Sanchez, remains at-large. DHS noted a disturbing trend of vehicle attacks against law enforcement.
ICE Requests Virginia Politicians Not Release Pedophile
U.S. Immigration and Customs Enforcement (ICE) has requested that Virginia politicians not release Angel David Rubio Marin, an individual charged with soliciting sexual content from children, back into neighborhoods. ICE lodged an arrest detainer due to Rubio Marin's alleged criminal activity and illegal immigration status.
DHS Urges Sanctuary Politicians Not to Release Alien Charged with Assault
The Department of Homeland Security (DHS) issued a press release urging Fairfax County, Virginia politicians not to release an undocumented immigrant charged with multiple counts of assault and battery. The individual, who allegedly groped high school students, was previously released into the country under current administration policies.
ICE Arrests of Criminal Illegal Aliens
U.S. Immigration and Customs Enforcement (ICE) reported the arrest of numerous criminal illegal aliens over a recent weekend. These individuals had convictions for serious offenses including murder, rape, and child abuse. The agency highlighted increased assaults and threats against its officers.