Multiple Schneider Electric Vulnerabilities, Data Integrity and Confidentiality Risk
CERT-FR published advisory CERTFR-2026-AVI-0433 disclosing multiple vulnerabilities in Schneider Electric industrial control products. Affected products include Easergy MiCOM protection relays (multiple models), EcoStruxure Control Expert, Connexium Managed Switches, and Modicon Redundancy Switches. The vulnerabilities enable remote denial of service, data confidentiality breaches, data integrity compromise, and security policy bypass. Organizations should refer to vendor security bulletins for patches.
Multiple Microsoft Product Vulnerabilities, 4 CVEs
CERT-FR issued advisory CERTFR-2026-AVI-0435 warning of four unpatched vulnerabilities (CVE-2026-27456, CVE-2026-3184, CVE-2026-34933, CVE-2026-4878) in Microsoft products affecting azl3 and cbl2 system versions. The vulnerabilities allow attackers to cause unspecified security issues. Organizations running affected azl3 versions of avahi, libcap, and util-linux, or cbl2 versions of avahi and libcap, should apply patches per Microsoft security bulletins.
Multiple Vulnerabilities in SAP Products Allow Remote Code Execution
CERT-FR published advisory CERTFR-2026-AVI-0434 alerting organizations that multiple vulnerabilities have been discovered in SAP products. Affected systems span SAP NetWeaver Application Server ABAP and Java, S/4HANA, BusinessObjects, and numerous other SAP platforms across versions 700-816. The vulnerabilities expose organizations to remote code execution, SQL injection, cross-site scripting, denial of service, and data confidentiality breaches.
Multiple Vulnerabilities in Python Allowing Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0430 warning of multiple vulnerabilities in Python/CPython affecting systems without the latest security patches. Two CVEs are referenced: CVE-2026-4786 and CVE-2026-6100. The vulnerabilities allow remote code execution and other unspecified security issues. Organizations running CPython should consult vendor security bulletins for patches.
Multiple Vulnerabilities in Synology SSL VPN Client Prior to 1.4.5-0684
CERT-FR published advisory CERTFR-2026-AVI-0431 alerting to multiple vulnerabilities in Synology SSL VPN Client affecting versions prior to 1.4.5-0684. The vulnerabilities could allow attackers to compromise data confidentiality and integrity. The advisory references Synology security bulletin Synology_SA_26_05 and two CVEs (CVE-2021-47960 and CVE-2021-47961). Organizations using the affected product should consult the vendor's security bulletin for patch information.
Multiple Vulnerabilities in Siemens Products Allow Remote Code Execution
CERT-FR issued security advisory CERTFR-2026-AVI-0432 detailing multiple vulnerabilities in Siemens industrial automation products including SCALANCE W-700, SIMATIC CN/Field/IPC series, and related industrial computing devices. The vulnerabilities enable remote code execution, privilege escalation, denial of service, cross-site scripting, and data confidentiality breaches. Affected parties should immediately consult Siemens security bulletins SSA-019200 and SSA-628843 for available patches and apply mitigations.
Ericsson Uplink Beam Management Multiple Antenna Panels Patent Application
USPTO published patent application US20260100793A1 filed by Telefonaktiebolaget LM Ericsson on January 10, 2023. The application discloses methods for uplink beam management enabling wireless devices to simultaneously transmit and receive from multiple antenna panels. The invention allows devices to indicate multi-panel capability to networks and configure uplink reference signals across different antenna groups.
Time-Domain Channel Property Reporting Method and Apparatus for Wireless Communications
The USPTO published patent application US20260100794A1 for a time-domain channel property (TDCP) reporting method. The invention enables wireless devices to report channel correlation measurements using tracking reference signals (TRS) over physical uplink channels. The application was filed on September 25, 2023, by inventors Ahmed Hindy and Vijay Nangia.
PUSCH Multi-TRP Scheduling with UL TCI Indication
The USPTO published patent application US20260100789A1 disclosing systems and methods for Physical Uplink Shared Channel (PUSCH) multi-Transmission/Reception Point (TRP) scheduling with Uplink Transmission Configuration Indicator (UL TCI) indication. The application covers wireless device procedures for obtaining TCI state configurations, activating/deactivating subsets of configured TCI states, and mapping indicated TCI states to transmission occasions or repetitions. When two TCI states are indicated, the wireless device transmits two different PUSCHs each corresponding to one indicated TCI state; when one TCI state is indicated, the device transmits a single PUSCH.
Wireless HARQ Feedback Repetition for Random Access Procedures
Koninklijke Philips N.V. filed patent application US20260100785A1 covering wireless devices and methods for hybrid automatic repeat request (HARQ) feedback repetition in random access procedures. The invention enables devices to dynamically determine repetition numbers for HARQ feedback and preamble transmissions based on reference signal received power thresholds. The application was published on April 9, 2026, with a filing date of December 2, 2025.
Quantum Error Mitigation for Probability Distributions
The USPTO published patent application US20260099753A1 for a quantum computing system that performs error mitigation on probability distributions obtained from quantum circuit observables. The system executes multiple shots of a quantum circuit to obtain noise probabilities, determines expectation values, performs error mitigation, and transforms results into error mitigated probability distributions. The application was filed on October 9, 2024.
Methods and Apparatus to Process Training Data for an AI-Based Model
The USPTO published patent application US20260099759A1 by Niall Fitzgerald, covering methods and apparatus for processing AI training data using feature transformation, hash signature generation, and clustering techniques. The application relates to apparatus comprising interface circuitry and programmable circuits to filter training data clusters and train AI-based models. The application was filed on October 4, 2024, and published on April 9, 2026.
Machine Learning Model Training Using Randomized Solutions to Find Global Minimum
The USPTO published patent application US20260099758A1, filed October 4, 2024, for a machine learning technique that identifies global minimums across local minimums. Inventors Bikramaditya Padhi and Ramprasadh Kothandaraman disclosed an application server method using randomized solutions and threshold-based evaluation to optimize model training.
Hardware and Parameter-Aware ML Model GPU Efficiency Tuning Systems
USPTO published patent application US20260099757A1 for hardware and parameter-aware machine learning model GPU efficiency tuning systems. The application includes claims for methods and systems that receive ML training requests with fixed and dynamic configurations, generate task embeddings, train prediction modules on known configurations, and return optimal training efficiency configurations based on model utilization scores. Inventors include Pin-Lun Hsu, Vignesh KOTHAPALLI, Animesh SINGH, Qingquan SONG, Yun DAI, and Shao TANG. Filing date was October 4, 2024, with application number 18906517.
Quantum Circuit Optimization via Coordinate-Descent Method
Decoder Circuit FSK Signals Sampling Point Drift Correction
USPTO published patent application US20260100871A1, filed September 5, 2025, for a decoder circuit correcting sampling point drift in FSK modulated signals. The invention by inventors Carlo Porcaro and Daniele Colonna includes sampling point drift correction circuitry that varies sample counter end-of-count values when accumulated error reaches a drift reference threshold. Application number 19319951 has CPC classification H04L 27/14.
Network Device Auto-Provisioning Method for Unconfigured Computing Devices
The USPTO published patent application US20260100878A1 titled 'Systems and Methods for Provisioning Automatic Configurations on Unconfigured Computing Devices.' The application, filed on October 9, 2024 (Application No. 18911032), covers methods for automatically detecting and provisioning unconfigured computing devices on a network fabric via a controller. Inventors include Rajendra Jayasheel, SelvaKumar Sivaraj, Pavana C V, and Sushant Kumar.
XWiki Multiple Vulnerabilities - DoS and XSS Attacks (WID-SEC-2026-1089)
CERT-Bund issued security advisory WID-SEC-2026-1089 identifying critical vulnerabilities (CVSS Base Score 9.6) in XWiki open-source wiki software. Affected versions include those prior to 16.10.16, 17.4.8, and 17.10.1. An attacker can exploit these vulnerabilities to conduct denial of service attacks and cross-site scripting (XSS) attacks. Mitigations are available.
ESRI ArcGIS Multiple Vulnerabilities, CVSS 9.8 (Critical)
CERT-Bund issued a security advisory about multiple critical vulnerabilities in ESRI ArcGIS geographic information system software (versions 11.5 and 12.0) with a CVSS Base Score of 9.8 (critical) and Temporal Score of 8.5 (high). An attacker can exploit these vulnerabilities remotely to elevate privileges or bypass security measures. Organizations using affected ArcGIS products should apply available mitigations.
MinIO Object Storage Multiple Authentication Bypass Vulnerabilities - CVSS 8.2
CERT-Bund issued security advisory WID-SEC-2026-1081 identifying multiple vulnerabilities in MinIO object storage software with CVSS Base Score 8.2 (High) and Temporal Score 7.1 (High). Remote anonymous attackers can exploit these flaws to bypass authentication and manipulate data. Affected version: Open Source MinIO prior to 2026-04-11T03-20-12Z.
Apache Airflow Vulnerabilities Allow Code Execution
SAP Patch Day April 2026: 13 Critical Vulnerabilities, CVSS 9.9
CERT-Bund published security advisory WID-SEC-2026-1078 disclosing 13 critical vulnerabilities in SAP Software affecting multiple operating systems (Linux, UNIX, Windows, and others). The vulnerabilities have a CVSS Base Score of 9.9 (critical) and Temporal Score of 8.6 (high), with remote attack capability confirmed. Attackers can exploit these flaws to conduct SQL injection, gain elevated privileges, execute arbitrary code, bypass security controls, perform cross-site scripting, manipulate data, or disclose confidential information.
Passive Equalizer with Front-End Level-Shifter for Networking Signal Processing
The USPTO published patent application US20260100869A1 for a passive equalizer with front-end level-shifter (FELS) for networking signal processing. The invention by inventors Shawn Wang, Wenlong Jiang, Arif Amin, and Dai Dai describes a receiver device with a programmable common mode feedback circuit and passive RLC network. The technology enables level shifting of agnostic common-mode signals in AC-coupled or DC-coupled modes for analog signal processing applications.
OFDM Channel Estimation Using FMCW Signals for Wireless Communication
USPTO published patent application US20260100864A1 for methods and systems enabling wireless devices to estimate orthogonal frequency division multiplexing (OFDM) channels using frequency modulated continuous waveform (FMCW) signals. The invention describes techniques for receiving, generating, combining, filtering, and sampling FMCW signals to estimate frequency domain OFDM channels for wireless communication.
Push-Pull Transmitter Circuit with Reflection Signal Attenuator for Communication System
USPTO published patent application US20260100866A1 for a push-pull transmitter circuit with integrated reflection signal attenuator for communication systems. The invention by Tasuku Yuguchi and Naoki Inoue includes rectifier elements and voltage cap elements designed to isolate reflection signals from communication signals. The application (No. 19330786) was filed September 16, 2025.
Maximum Likelihood Sequence Detection Circuit, Detection Method, Detection Apparatus and Electronic Device
The USPTO published patent application US20260100868A1 on April 9, 2026, filed by inventors Jinxin LI and Xiaofan LU. The application covers a maximum likelihood sequence detection circuit with an equalization processing module, state selection module, and detection module for communications systems. CPC classifications include H04L 25/03318 and H04L 25/03057. The application was filed on June 27, 2023, under Application No. 19113953.
Symbol Multiplexing Physical Medium Attachment (PMA) Patent Application
USPTO published patent application US20260100870A1 assigned to Cisco Technology, Inc. The application covers symbol multiplexing methods for Physical Medium Attachment (PMA) technology, involving lane processing including alignment marker detection, de-skewing, and symbol-wise multiplexing of data lanes.
Energy-Aware ATSSS Wireless Traffic Steering Method
The USPTO published patent application US20260100857A1 disclosing methods and systems for energy-aware Access Traffic Steering, Switching and Splitting (ATSSS) in wireless networks. The invention enables a wireless transmit-receive unit to initiate multi-access packet data unit session establishment with energy optimization capabilities. The policy control function generates PCC rules incorporating energy estimates for traffic and QoS flows across both access legs of the MA PDU session, enabling energy-aware traffic steering policies.
LG Home Appliance Wi-Fi Auto-Registration via MAC Matching
USPTO published LG Electronics Inc. patent application US20260100860A1 for an automatically registrable home appliance system. The invention uses Wi-Fi module MAC address matching between appliances to enable automatic registration with a server. The system compares MAC information received via Wi-Fi with MAC information included in broadcast information from a second home appliance.
Enhanced Real-Time Linking Methods and Systems Patent Application
USPTO published patent application US20260100917A1 by Live Nation Entertainment, Inc. on April 9, 2026. The application covers systems and methods for enabling real-time linking between devices and defining assignment conditions for resource access rights.
Adobe Acrobat Use-After-Free Vulnerability CVE-2020-9715
CISA added CVE-2020-9715 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a use-after-free flaw in Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. Successful exploitation could lead to arbitrary code execution. The SSVC assessment rates exploitation as 'active' with total technical impact.
Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2023-36424
CISA has added CVE-2023-36424 to its Known Exploited Vulnerabilities catalog. The vulnerability is a Windows Common Log File System Driver elevation of privilege flaw with a CVSS 3.1 score of 7.8 (HIGH). It affects numerous Windows versions including Windows 10, 11, Server 2019-2022, and legacy systems. CISA has determined this vulnerability has been actively exploited in the wild, triggering remediation requirements for federal agencies under Binding Operational Directive 22-01.
CVE-2012-1854: VBA Insecure Library Loading Vulnerability
CISA has cataloged CVE-2012-1854, an untrusted search path vulnerability in VBE6.dll affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, and 2010 Gold/SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK. The vulnerability allows local users to gain privileges via a Trojan horse DLL in the current working directory. CISA confirms this vulnerability was exploited in the wild in July 2012. CVSS 3.1 score is 7.8 (HIGH) with exploitation status marked as 'active' in the KEV catalog.
Microsoft Windows Host Process for Windows Tasks Privilege Escalation Vulnerability CVE-2025-60710
CISA added CVE-2025-60710 to the Known Exploited Vulnerabilities catalog on 2026-04-13. The vulnerability is an improper link resolution flaw in Host Process for Windows Tasks enabling local privilege escalation. CVSS 3.1 score is 7.8 (HIGH). Exploitation is active but not automatable per SSVC v2.0.3.
CVE-2023-21529: Microsoft Exchange Server RCE Vulnerability Added to Known Exploited Vulnerabilities Catalog
CISA added CVE-2023-21529, a Microsoft Exchange Server remote code execution vulnerability, to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability carries a CVSS 3.1 score of 8.8 (HIGH) and is attributed to CWE-502 (Deserialization of Untrusted Data). Exploitation is assessed as 'active' with total technical impact and no automatable exploitation vector. Affected versions span Exchange Server 2016 and 2019 across multiple build ranges. Federal agencies are subject to BOD 22-01 remediation requirements for KEV catalog entries.
Adobe Acrobat Code Execution Vulnerability, CVSS 8.6
CISA added CVE-2026-34621 to its Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026. The vulnerability affects Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, with a CVSS score of 8.6. Successful exploitation allows arbitrary code execution via a malicious PDF file through prototype pollution. Federal agencies are subject to Binding Operational Directive 22-01 remediation timelines.
CVE-2026-21643: FortiClientEMS SQL Injection Vulnerability
CISA has added CVE-2026-21643 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a SQL injection flaw in Fortinet FortiClientEMS 7.4.4 allowing unauthenticated remote code execution via crafted HTTP requests. Exploitation is confirmed active, automatable, and achieving total technical impact. CVSS score is 9.1 (CRITICAL). Federal agencies are subject to remediation requirements under Binding Operational Directive 22-01.
ML Model Selects Analytics Based on Wireless Network State
The USPTO published patent application US20260100889A1 for an apparatus and method that uses machine learning models to select analytics services based on wireless network state. The system receives a request for analytics services including a use case parameter, determines an appropriate ML model based on both the use case parameter and current network conditions, and returns analytics information derived from the selected model. The inventors are Konstantinos Samdanis and Dimitrios Karampatsis, with filing date January 4, 2023 and application number 19113887.
ICE Arrests Multiple Criminal Aliens Including Pedophiles, Rapists, and Violent Assailants Over Weekend
DHS released a press statement announcing that ICE arrested multiple criminal aliens over a weekend in April 2026. Those arrested were convicted of offenses including aggravated sexual abuse of a child, rape, corporal injuries to spouse or cohabitant, and assault with a deadly weapon. The announcement highlighted ICE enforcement activity across the country targeting individuals present in the US without legal status who had criminal convictions.
Critical Remote Code Execution Vulnerability in Red Hat Enterprise Linux Cockpit
CERT-Bund, operating under the German Federal Office for Information Security (BSI), issued a critical security advisory regarding a remote code execution vulnerability in Red Hat Enterprise Linux Cockpit. The vulnerability carries a CVSS Base Score of 9.8 (critical) and a Temporal Score of 8.5 (high). Affected versions include Red Hat Enterprise Linux 9.6 and Red Hat Enterprise Linux 10. Organizations using these systems should apply available mitigations immediately.
OpenClaw Multiple Critical Vulnerabilities Allow Remote Code Execution
CERT-Bund issued security advisory WID-SEC-2026-1065 alerting to multiple critical vulnerabilities in OpenClaw, a personal AI assistant for local devices. The flaws carry a CVSS Base Score of 8.8 (high) and enable remote attackers to gain administrator privileges, execute arbitrary code, bypass security controls, and disclose or manipulate data. The affected version is Open Source OpenClaw prior to version 2026.3.25. Users are advised to apply available mitigations and update to the patched release.
Red Hat OpenShift AI Vulnerability Enables Information Disclosure and Privilege Escalation
CERT-Bund issued a security advisory regarding a vulnerability in Red Hat OpenShift AI (affecting versions 2.16.4, 2.25.4, 3.3.1, and 3.2). The vulnerability, with a CVSS Base Score of 8.5 (high) and Temporal Score of 7.4 (high), allows a remote, authenticated attacker to exploit the flaw to disclose confidential information and potentially escalate privileges. Mitigation measures are available.
Red Hat Enterprise Linux Multiple Vulnerabilities, Remote Attack