VMware Products Multiple Vulnerabilities Advisory
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various VMware products. The advisory lists affected versions and directs users to VMware's security bulletins for remediation. The specific risk is not detailed by the publisher.
Multiple vulnerabilities found in Atlassian products
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Atlassian products, including Confluence and Jira. These vulnerabilities could lead to remote code execution, denial of service, and data breaches.
Apple Products Vulnerability: Security Policy Bypass
CERT-FR has issued a security advisory regarding a vulnerability discovered in Apple products, including iOS, iPadOS, and macOS. The vulnerability allows for a security policy bypass. Users are advised to refer to Apple's security bulletin for patch information.
GLPI Vulnerabilities: SQL Injection, Security Bypass
CERT-FR has issued a security advisory regarding multiple vulnerabilities in GLPI software, versions prior to 11.0.6. These vulnerabilities include SQL injection and security bypass, potentially allowing attackers to compromise systems. Users are advised to consult the publisher's security bulletins for patch information.
Citrix XenServer Vulnerability Allows Security Policy Bypass
CERT-FR has issued an advisory regarding a vulnerability in Citrix XenServer (CVE-2026-23554) that allows for security policy bypass. The advisory urges users to apply security patches provided by Citrix to affected systems.
CERT-FR: Multiple MongoDB Vulnerabilities
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in MongoDB. The advisory details affected versions and directs users to MongoDB's security bulletins for patch information. The specific risk is not detailed by the publisher.
CERT-FR: Multiple Vulnerabilities in Suricata
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Suricata versions 7.0.x and 8.0.x. Users are advised to consult the Suricata security bulletin for patch information.
Node.js Multiple Vulnerabilities Security Patches
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Node.js versions 20.x, 22.x, 24.x, and 25.x. Security patches are scheduled for release on March 24, 2026, to address these issues.
Linux Kernel Vulnerabilities
CERT-Bund has issued a security advisory for multiple vulnerabilities in the Linux Kernel, rated with a critical CVSS base score of 9.8. These vulnerabilities could lead to denial-of-service conditions or memory corruption. Mitigation measures are available.
nghttp2 Vulnerability Allows Denial of Service
CERT-Bund has issued a security advisory regarding a vulnerability in nghttp2 versions prior to 1.68.1. The vulnerability allows remote attackers to perform a Denial of Service attack. The advisory provides mitigation information and lists the affected systems.
Wazuh Vulnerabilities Allow Critical Remote Attacks
CERT-Bund has issued a security advisory for Wazuh, detailing multiple vulnerabilities that allow critical remote attacks with a CVSS score of 9.1. The advisory applies to Wazuh versions prior to 4.14.3 on UNIX and other operating systems.
IBM App Connect Enterprise Multiple Vulnerabilities
CERT-Bund has issued a security advisory for IBM App Connect Enterprise, detailing multiple critical vulnerabilities with a CVSS score of 9.3. These vulnerabilities could allow remote attackers to cause denial-of-service or enable cross-site scripting attacks.
Red Hat Enterprise Linux and OpenShift Vulnerabilities Disclosed
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Red Hat Enterprise Linux (RHEL) and Red Hat OpenShift. The vulnerabilities have a CVSS Base Score of 7.3 and could allow for arbitrary code execution, denial of service, file manipulation, and information disclosure.
Atlassian Jira Multiple Vulnerabilities
CERT-Bund has issued a security advisory for Atlassian Jira, detailing multiple vulnerabilities with a CVSS base score of 7.2. The advisory applies to Data Center and Server versions prior to specific releases. Users are advised to implement mitigations.
CERT-Bund: MongoDB Vulnerabilities Disclosed, Remote Attack Possible
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in MongoDB, versions prior to 8.3.0-rc0, 8.0.20, 7.0.31, and 8.2.6. These vulnerabilities allow for remote attacks, including information disclosure and arbitrary code execution. The advisory highlights a high CVSS Base Score of 8.8.
Budibase Vulnerability Allows Bypass and Information Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0776) regarding a vulnerability in Budibase, an open-source low-code platform. The vulnerability allows remote, authenticated attackers to bypass security mechanisms and disclose information. Affected versions include Budibase <=3.30.6.
Apple iOS, iPadOS, macOS Vulnerability Allows Security Bypass
CERT-Bund has issued a security advisory for a vulnerability in Apple iOS, iPadOS, and macOS that allows security bypass. The advisory details affected versions and provides mitigation information. The vulnerability has a high CVSS base score.
Canonical Snap Vulnerability Allows Administrator Rights Escalation
CERT-Bund has issued a security advisory (WID-SEC-2026-0758) regarding a vulnerability in Canonical Snap that allows for administrator rights escalation on Linux systems. The advisory details affected versions of Ubuntu Linux snapd and provides mitigation information.
IBM Planning Analytics Vulnerabilities Allow DoS, Info Disclosure
CERT-Bund has issued a security advisory for IBM Planning Analytics, detailing multiple vulnerabilities. These flaws, with a CVSS base score of 7.5, can be exploited for denial of service, information disclosure, and bypass of security measures. The advisory applies to versions prior to 2.1.18.
Xen, Citrix XenServer Vulnerabilities - Local Privilege Escalation
CERT-Bund has issued a security advisory (WID-SEC-2026-0760) regarding multiple vulnerabilities in Xen and Citrix XenServer. These vulnerabilities, with a CVSS Base Score of 7.8, could allow local attackers to escalate privileges, cause a denial-of-service, or disclose confidential information.
Red Hat JBoss Platform Denial of Service Vulnerability
CERT-Bund has issued a security advisory for Red Hat JBoss Enterprise Application Platform, detailing a vulnerability that allows remote attackers to cause a Denial of Service. The advisory provides information on affected versions and mitigation strategies.
ConnectWise ScreenConnect Privilege Escalation Vulnerability
CERT-Bund has issued a security advisory (WID-SEC-2026-0763) regarding a critical vulnerability in ConnectWise ScreenConnect versions prior to 26.1. The flaw allows remote attackers to bypass security measures and potentially escalate privileges on affected systems running Linux, UNIX, or Windows.
Grafana Tempo Vulnerability Allows Information Disclosure
CERT-Bund has issued a security advisory for Grafana Tempo, detailing a vulnerability (CVSS 7.5) that allows remote attackers to disclose information. Affected versions are prior to 2.10.3, impacting Linux and UNIX systems.
Phoenix Contact FL SWITCH Multiple Vulnerabilities
CERT-Bund has issued a security advisory for Phoenix Contact FL SWITCH industrial network switches due to multiple vulnerabilities. The vulnerabilities could allow remote attackers to execute arbitrary code, cause denial-of-service, or manipulate data.
Dell Remote Access Controller Vulnerabilities
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in versions of Dell Remote Access Controller (iDRAC). The vulnerabilities could allow attackers to execute arbitrary code or disclose sensitive information. Mitigation is available.
Atlassian Confluence Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory for Atlassian Confluence, detailing a vulnerability that allows remote code execution. Affected versions include Confluence Data Center and Server prior to specific releases. Mitigation is available.
Keycloak Vulnerability Allows Information Disclosure
CERT-Bund has issued a security advisory regarding a vulnerability in Keycloak that allows for information disclosure. The vulnerability affects Keycloak versions running on Linux and UNIX operating systems. Users are advised to consult the advisory for mitigation details.
DHS Statement on Judge Ordering MS-13 Gang Member Release
The Department of Homeland Security (DHS) issued a statement criticizing a judge's order to release Carlos Antonio Flores-Miguel, an MS-13 gang member with a criminal history, from ICE custody. The statement highlights the individual's violent resistance during arrest and his prior convictions.
DHS: MS-13 Gang Member Sentenced to 55 Years for Murders
The Department of Homeland Security announced the sentencing of Ramiro Antonio Gutierrez Garcia, an MS-13 gang member and illegal alien from El Salvador, to 55 years in prison for multiple murders in Queens, NY. DHS has arrested over 7,800 criminal illegal alien gang members since President Trump took office.
ICE Arrests of Criminal Illegal Aliens
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of criminal illegal aliens convicted of serious offenses, including homicide and sex crimes. The agency stated that nearly 70% of ICE arrests involve individuals charged or convicted of crimes in the U.S.
DHS Press Release: TSA Officers Working Without Pay Due to Shutdown
The Department of Homeland Security (DHS) issued a press release highlighting that TSA officers are working without pay for the third time in six months due to a government shutdown. This is reportedly causing increased callouts and flight delays for American travelers.