CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Added to KEV Catalog
CISA added CVE-2026-3055, a Citrix NetScaler out-of-bounds read vulnerability, to the Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. Federal Civilian Executive Branch agencies must remediate this vulnerability per Binding Operational Directive 22-01 requirements. CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practice.
ICE Requests Charlotte Hold Alien in Double Murder Case
ICE has lodged a detainer requesting Charlotte officials not release Angelvis Jesus Quintero Fernandez, a 22-year-old Venezuelan illegal alien, who faces felony charges including first-degree murder and attempted first-degree murder for allegedly carrying out two fatal shootings. The detainer was issued following Fernandez's arrest in Charlotte, North Carolina.
ICE Arrests Criminal Illegal Alien and Latin Kings Gang Member
ICE announced the arrest of Bryan David Tasiguano Leon, a criminal illegal alien from Ecuador and documented Latin Kings gang member. Despite an ICE detainer being lodged, NYC authorities released him back into the community. Tasiguano Leon first entered the country illegally in 2022 and was previously released by federal authorities.
Multiple Microsoft Product Vulnerabilities Advisory
CERT-FR issued an advisory aggregating 44+ Microsoft security vulnerabilities (CVEs) disclosed between March 19-26, 2026. The vulnerabilities affect various Microsoft products, with severity ranging from important to critical. French organizations using Microsoft software are advised to review and apply the referenced security patches.
Roundcube Vulnerability Allows Security Policy Bypass
CERT-FR issued an advisory warning of a security policy bypass vulnerability in Roundcube Webmail affecting versions 1.5.x prior to 1.5.15, 1.6.x prior to 1.6.15, and 1.7.x prior to 1.7-rc6. The vulnerability, disclosed by Roundcube on March 29, 2026, allows attackers to bypass security policies. Organizations running affected versions should update immediately.
Docker Desktop SSRF vulnerability, versions before 4.67.0
Multiple Microsoft Edge vulnerabilities, 5 CVEs, security advisory
Langflow Multiple Security Vulnerabilities - CVSS 8.8
CERT-Bund issued a security advisory warning of multiple high-severity vulnerabilities in Langflow, an open-source visual interface for building LLM-based applications. The vulnerabilities carry a CVSS Base Score of 8.8 and a CVSS Temporal Score of 8.1, enabling remote attackers to conduct information disclosure, data manipulation, and cross-site scripting (XSS) attacks. No mitigation is currently available.
Wazuh Multiple Vulnerabilities - Remote Code Execution and DoS
CERT-Bund issued security advisory WID-SEC-2026-0908 warning of multiple vulnerabilities in Wazuh security monitoring platform (CVSS 6.7 medium severity). The vulnerabilities allow remote attackers to execute arbitrary code, perform denial of service attacks, manipulate data, and disclose confidential information. Affected versions include Wazuh prior to 4.13.0, 4.3.11, 4.14.0, and Wazuh Manager/Agent prior to 4.8.0.
Red Hat Undertow Multiple Security Vulnerabilities
CERT-Bund issued security advisory WID-SEC-2026-0907 warning of multiple vulnerabilities in Red Hat Undertow web server with CVSS Base Score 8.7 (high) and Temporal Score 8.0. Remote, anonymous attackers can exploit these flaws to bypass security measures, manipulate data, and disclose confidential information. Organizations running affected versions of Undertow should apply mitigations or patches.
Edge Vulnerability Allows File Manipulation, Information Disclosure
CERT-Bund issued a security advisory about a vulnerability in Microsoft Edge (versions prior to 146.0.3856.84) with a CVSS Base Score of 4.2 (medium). The vulnerability allows remote anonymous attackers to manipulate files and disclose confidential information. Users are advised to update to the patched version.
Vim Remote Code Execution Vulnerability - CVSS 8.2
CERT-Bund issued security advisory WID-SEC-2026-0904 warning of a high-severity vulnerability (CVSS 8.2) in Vim text editor versions prior to 9.2.0172. The vulnerability allows remote code execution by an unauthenticated attacker. Organizations running Vim on Linux, UNIX, Windows, or other platforms should update immediately to the patched version.
Fleet Open-Source Platform Critical SQL Injection and DoS Vulnerabilities
CERT-Bund issued critical security advisory WID-SEC-2026-0902 alerting to severe vulnerabilities in Fleet open-source device management platform versions prior to 4.81.1. The vulnerabilities include SQL injection, denial of service, security bypass, information disclosure, and remote code execution with admin privileges, achieving CVSS Base Score 9.8 (critical). Organizations running Fleet on Linux or UNIX systems should immediately update to version 4.81.1 or later.
Grafana Multiple Vulnerabilities Remote Code Execution Risk
CERT-Bund issued security advisory WID-SEC-2026-0899 warning of critical vulnerabilities (CVSS Base Score 9.1) in Grafana software. Remote attackers can exploit these flaws to execute code, conduct denial of service attacks, or disclose information. Affected versions include Grafana prior to 12.4.0, 12.3.0, 12.2.0, and 12.0.0 across Linux, UNIX, Windows, and other platforms.
WebKitGTK Multiple Vulnerabilities Security Advisory
CERT-Bund issued security advisory WID-SEC-2026-0911 identifying multiple vulnerabilities in WebKitGTK (versions before 2.52.1). The vulnerabilities have a CVSS Base Score of 6.5 (medium) and enable denial of service attacks, security feature bypass, information disclosure, and cross-site scripting attacks. Remote exploitation is possible. A fix is available by updating to a patched version.
Tinyproxy vulnerability enables Denial of Service attack
FRRouting Vulnerability Allows Remote Data Manipulation
CERT-Bund issued a security advisory disclosing a medium-severity vulnerability (CVSS 4.2) in FRRouting Project FRRouting versions up to and including 10.5.1. A remote, authenticated attacker can exploit this flaw to manipulate data on affected systems. Mitigations are available; organizations using FRRouting on Linux or UNIX platforms are advised to apply them promptly.
Linux Kernel Denial of Service Vulnerabilities
CERT-Bund issued a security advisory identifying multiple vulnerabilities in the Linux Kernel that allow remote attackers to conduct Denial of Service attacks. The vulnerabilities have a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6 (medium). Organizations running Linux systems should apply available mitigations.
Red Hat FUSE libfuse vulnerabilities enable code execution
CERT-Bund issued a security advisory warning of multiple vulnerabilities in Red Hat FUSE (libfuse) versions prior to 3.18.2. The vulnerabilities have a CVSS Base Score of 7.8 (high) and could allow local attackers to execute arbitrary code or cause denial of service. Organizations using affected versions should update immediately.
Aqua Security Trivy Critical Vulnerability (CVSS 9.9)
CERT-Bund issued a critical security advisory (WID-SEC-2026-0898) for a vulnerability in Aqua Security Trivy, an open-source vulnerability scanner for container images, filesystems, and Git repositories. The vulnerability carries a CVSS Base Score of 9.9 (critical) and allows remote attackers to completely compromise affected systems. Multiple product versions are affected including Trivy 0.69.4, setup-trivy <0.2.6, trivy-action <0.35.0, and Container Images 0.69.5 and 0.69.6. Mitigation measures are available.
Foreman RCE vulnerability, CVSS 8.0, fixes available
Critical RCE vulnerability in F5 BIG-IP APM, active exploitation
The NCSC issued an urgent advisory regarding CVE-2025-53521, a critical unauthenticated remote code execution vulnerability in F5 BIG-IP Access Policy Manager that is being actively exploited. All UK organisations using BIG-IP APM are urged to take immediate mitigation action including isolation, investigation for compromise, and patching to the latest version.