CISA Adds CVE-2026-33017 to Known Exploited Vulnerabilities Catalog

CISA has added CVE-2026-33017, a Langflow Code Injection Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required by Binding Operational Directive (BOD) 22-01 to remediate these vulnerabilities.

Priority review Notice Cybersecurity

Multiple Squid Vulnerabilities Affect Data Confidentiality and Availability

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Squid software, affecting versions prior to 7.5. These vulnerabilities can lead to remote denial-of-service attacks and data confidentiality breaches. Users are advised to consult the vendor's security bulletins for patch information.

Priority review Notice Cybersecurity

Citrix XenServer Vulnerability Allows Data Confidentiality Breach

CERT-FR has issued an advisory regarding a vulnerability in Citrix XenServer (CVE-2026-4397) that could lead to a data confidentiality breach. The advisory affects XenServer versions 8.4 without the latest security patch and directs users to Citrix's security bulletin for remediation.

Priority review Notice Cybersecurity

GitLab Vulnerabilities Pose Data Integrity and XSS Risks

CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in GitLab Community and Enterprise Editions. These vulnerabilities could allow attackers to compromise data integrity, execute cross-site scripting (XSS) attacks, and cause remote denial of service.

Priority review Notice Cybersecurity

ISC Kea Vulnerability Allows Remote Denial of Service

CERT-FR has issued an advisory regarding a remote denial-of-service vulnerability (CVE-2026-3608) in ISC Kea software. Affected versions include Kea 2.6.x prior to 2.6.5 and 3.0.x prior to 3.0.3. Users are advised to consult the vendor's security bulletin for patch information.

Priority review Notice Cybersecurity

Apple Products Multiple Vulnerabilities

CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in various Apple products, including iOS, iPadOS, macOS, and Safari. These vulnerabilities could allow attackers to elevate privileges, cause remote denial-of-service, and compromise data confidentiality.

Priority review Notice Cybersecurity

Mozilla Products Vulnerabilities

CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Mozilla products, including Firefox ESR, Firefox, and Thunderbird. These vulnerabilities could allow attackers to execute arbitrary code, elevate privileges, or cause a denial of service.

Priority review Notice Cybersecurity

Multiple Zabbix Vulnerabilities Disclosed

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Zabbix software. These vulnerabilities could allow remote code execution, data breaches, and SQL injection. Affected versions include specific releases of Zabbix 6.0, 7.0, 7.2, and 7.4.

Priority review Notice Cybersecurity

Tenable OT Platform Vulnerability Allows Data Confidentiality Breach

CERT-FR has issued a security advisory regarding a vulnerability in Tenable OT Platform. The vulnerability, identified as CVE-2026-4433, can lead to a breach of data confidentiality. Affected systems are versions prior to 4.2.40 without the specific security patch.

Priority review Notice Cybersecurity

Multiple vulnerabilities found in F5 products

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in F5 products, including Nginx Open Source and NGINX Plus. These vulnerabilities could allow for remote arbitrary code execution, denial of service, and data breaches.

Priority review Notice Cybersecurity

NATS Server Vulnerabilities Allow Remote Attackers to Disclose/Manipulate Info, Cause DoS

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in NATS Server versions prior to 2.12.6 and 2.11.15. These vulnerabilities, with a CVSS base score of 8.6, allow remote attackers to disclose or manipulate information, cause denial-of-service, and bypass security mechanisms.

Priority review Notice Cybersecurity

NGINX Plus and NGINX Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in NGINX and NGINX Plus, with a CVSS base score of 8.2. The vulnerabilities affect Linux, UNIX, and Windows operating systems and can be exploited remotely to cause denial of service, data manipulation, bypass security measures, and potentially execute arbitrary code.

Priority review Notice Cybersecurity

Apple Xcode Vulnerabilities Allow Information Disclosure, Denial of Service

CERT-Bund has issued a security advisory for Apple Xcode, detailing multiple vulnerabilities that could allow remote attackers to disclose information or cause a denial of service. The advisory notes a CVSS Base Score of 5.5 (medium) and affects versions prior to 26.4 on MacOS X.

Priority review Notice Cybersecurity

Linux Kernel Vulnerabilities Allow DoS, Code Execution

CERT-Bund has issued a security advisory regarding multiple critical vulnerabilities in the Linux Kernel, with a CVSS base score of 9.8. These vulnerabilities can allow attackers to cause denial of service, bypass security measures, disclose information, and potentially execute code remotely. Mitigation measures are available.

Urgent Notice Cybersecurity

Squid Vulnerabilities Allow Denial of Service Attacks

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Squid, an open-source web proxy cache. These vulnerabilities, with a CVSS base score of 8.6, can be exploited by remote attackers to cause a Denial of Service. The advisory applies to Squid versions prior to 7.5 on Linux, UNIX, and Windows systems.

Priority review Notice Cybersecurity

macOS Vulnerabilities Allow Privilege Escalation and Data Manipulation

CERT-Bund has issued a security advisory for Apple macOS, detailing multiple vulnerabilities with a high CVSS base score of 8.3. These vulnerabilities can be exploited remotely to bypass security measures, conduct denial-of-service attacks, disclose information, manipulate files, and escalate privileges. Affected versions include macOS Sonoma <14.8.5, Sequoia <15.7.5, and Tahoe <26.4.

Priority review Notice Cybersecurity

Apple iOS/iPadOS Vulnerabilities Allow Bypass, DoS, Info Disclosure

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Apple iOS and iPadOS. These vulnerabilities, with a CVSS base score of 8.3, can allow attackers to bypass security measures, perform denial-of-service attacks, disclose information, and conduct cross-site scripting attacks. Affected versions include iOS and iPadOS prior to specific updates.

Priority review Notice Cybersecurity

Mozilla Firefox and Thunderbird Multiple Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird. These vulnerabilities, with a CVSS base score of 8.8, could allow remote attackers to execute arbitrary code, cause denial of service, or disclose information. Affected versions include Firefox <149, Firefox ESR <115.34 and <140.9, and Thunderbird <149 and ESR <140.9.

Priority review Notice Cybersecurity

ImageMagick Vulnerabilities Allow Denial of Service Attacks

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in ImageMagick versions prior to 7.1.2-18 and 6.9.13-43. These vulnerabilities can be exploited by local or remote attackers to conduct denial-of-service attacks. Mitigation is available.

Priority review Notice Cybersecurity

Apple Safari Vulnerabilities Allow Bypass, DoS, Disclosure, XSS

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Apple Safari, identified by WID-SEC-2026-0848. These vulnerabilities have a high CVSS Base Score of 8.3 and could allow attackers to bypass security measures, perform denial-of-service attacks, disclose information, or execute cross-site scripting attacks.

Priority review Notice Cybersecurity

Netty Vulnerabilities Allow Bypass and Denial of Service

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the Netty network application framework. These vulnerabilities, with a CVSS Base Score of 7.5, allow remote attackers to bypass security measures and cause denial of service. Affected versions include Open Source Netty prior to 4.2.11 and 4.1.132.

Priority review Notice Cybersecurity

Hitachi Ops Center Vulnerabilities Allow Remote Attacks, XSS

CERT-Bund has issued a security advisory for Hitachi Ops Center, detailing vulnerabilities that allow remote attacks and cross-site scripting. The advisory affects Hitachi Ops Center Administrator versions prior to 11.0.8 and Analyzer versions prior to 11.0.5-00. Mitigation measures are available.

Priority review Notice Cybersecurity

Ubiquiti UniFi Network Server Vulnerability

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Server versions prior to 10.1.89. A vulnerability allows remote attackers to bypass security measures, with a CVSS base score of 8.8. Mitigation is available.

Priority review Notice Cybersecurity

Langflow Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory for Langflow, a tool for creating LLM-based applications. A vulnerability (CVSS 8.8) allows remote attackers to execute arbitrary code on affected systems running versions prior to 1.9.0. Mitigation measures are available.

Priority review Notice Cybersecurity

Harbor Vulnerability Allows Information Disclosure

CERT-Bund has issued a security advisory for Harbor, a Docker distribution registry, detailing a vulnerability that allows information disclosure. The advisory affects specific versions of Open Source Harbor and provides mitigation information.

Priority review Notice Cybersecurity

TIBCO ActiveMatrix Vulnerability Allows Data Disclosure and Manipulation

CERT-Bund has issued a security advisory for TIBCO ActiveMatrix and TIBCO Administrator, detailing a critical vulnerability (CVSS 9.9) that allows remote authenticated attackers to disclose and manipulate data. The advisory affects specific versions of TIBCO ActiveMatrix BusinessWorks and TIBCO Administrator Enterprise.

Urgent Notice Cybersecurity

Node.js Vulnerabilities Allow DoS, Bypass, Info Disclosure

CERT-Bund has issued a security advisory for Node.js, detailing multiple vulnerabilities that could allow attackers to cause denial of service, bypass security measures, and disclose information. The advisory affects various versions of Open Source Node.js and provides mitigation information.

Priority review Notice Cybersecurity

IBM WebSphere Liberty Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for IBM WebSphere Application Server Liberty, detailing vulnerabilities that allow privilege escalation, security bypass, and information disclosure. The advisory affects versions prior to 26.0.0.4 and provides mitigation information.

Priority review Notice Cybersecurity

GitLab Vulnerabilities Allow File Manipulation, Bypass, DoS, Info Disclosure, XSS

CERT-Bund has issued a security advisory for GitLab, detailing multiple vulnerabilities that could allow attackers to manipulate files, bypass security measures, conduct denial-of-service attacks, disclose information, and perform cross-site scripting attacks. The advisory affects open-source GitLab versions prior to 18.10.1, 18.9.3, and 18.8.7.

Priority review Notice Cybersecurity

IBM InfoSphere Server Vulnerabilities Allow Remote Attacks

CERT-Bund has issued a security advisory for IBM InfoSphere Information Server, detailing multiple vulnerabilities with a critical CVSS Base Score of 9.1. These vulnerabilities can be exploited by remote attackers to bypass security measures, cause denial of service, and manipulate data.

Urgent Notice Cybersecurity

Xen Vulnerability Allows Security Bypass

CERT-Bund has issued a security advisory regarding a vulnerability in Xen, a virtual machine monitor, that allows local attackers from a guest VM to bypass security measures. The advisory, dated March 24, 2026, notes a CVSS base score of 6.7 and indicates that mitigation is available.

Priority review Notice Cybersecurity

OpenClaw Vulnerabilities

CERT-Bund has issued a security advisory for OpenClaw, detailing multiple critical vulnerabilities with a CVSS score of 9.9. These vulnerabilities allow for remote code execution, privilege escalation, data manipulation, and denial-of-service attacks. A mitigation is available.

Urgent Notice Cybersecurity

Zabbix Vulnerabilities Allow Remote Attacks

CERT-Bund has issued a security advisory for Zabbix, detailing multiple vulnerabilities with a CVSS base score of 8.8. These vulnerabilities affect various Zabbix versions and allow remote attackers to disclose information, inject shell commands, perform SQL injection, and cause denial of service.

Priority review Notice Cybersecurity

CSA Security Bulletin: NIST NVD Vulnerabilities

The Cyber Security Agency of Singapore (CSA) has issued a security bulletin detailing critical vulnerabilities identified in the past week from the NIST National Vulnerability Database (NVD). The bulletin categorizes vulnerabilities by severity using CVSSv3 scores and provides specific details on several critical CVEs affecting various software and hardware components.

Priority review Notice Cybersecurity
DHS Press Releases

DHS Secretary Markwayne Mullin Sworn In

The Department of Homeland Security (DHS) announced the swearing-in ceremony for its new Secretary, Markwayne Mullin, which took place at the White House on March 24, 2026. The release includes a quote from Secretary Mullin and photographs from the event.

Routine Notice Government Contracting
DHS Press Releases

ICE Arrests Child Predators, Rapists, and Domestic Abusers

U.S. Immigration and Customs Enforcement (ICE) announced the arrest of multiple individuals described as illegal aliens convicted of serious crimes, including child sexual abuse, rape, and domestic abuse. The press release highlights that nearly 70% of those arrested have criminal convictions or pending charges in the U.S.

Priority review Enforcement Immigration
DHS Press Releases

ICE Arrest of Guatemalan National Charged in Long Island Rape

DHS announced the arrest of Carlos Aguilar Reynoso, a Guatemalan national charged with rape and other offenses against a child in Long Island, New York. ICE collaborated with local law enforcement to apprehend the individual.

Urgent Enforcement Immigration
DHS Press Releases

US Senate Confirms Markwayne Mullin as Secretary of Homeland Security

The U.S. Senate has confirmed Markwayne Mullin as the 9th Secretary of the Department of Homeland Security (DHS) in a bipartisan vote. He was sworn in by President Donald J. Trump and stated his priority is to ensure the department is funded to continue its critical work.

Routine Notice Immigration
NCSC UK News

NCSC CEO Urges AI Coding Safeguards for Secure Software

The UK's National Cyber Security Centre (NCSC) CEO, Dr. Richard Horne, is urging the international security community to develop safeguards for AI-generated code ('vibe coding'). While acknowledging the risks of propagating vulnerabilities, the NCSC highlights the opportunity to improve software security by design through well-trained AI tools.

Priority review Notice Cybersecurity
NIST Publications

NIST Cybersecurity Framework 2.0 Quick-Start Guide Published

NIST has published a Quick-Start Guide for its Cybersecurity Framework 2.0, focusing on integrating cybersecurity, enterprise risk management, and workforce management. The guide aims to help organizations improve communication about cybersecurity risks and align workforce decisions with risk realities.

Routine Guidance Cybersecurity