Mattermost Server Multiple Vulnerabilities - Data Integrity, CSRF, Policy Bypass
CERT-FR published security advisory CERTFR-2026-AVI-0446 identifying 20 vulnerabilities in Mattermost Server affecting versions 10.11.x before 10.11.14, 11.3.x before 11.3.3, 11.4.x before 11.4.4, and 11.5.x before 11.5.2. Exploitation could result in data integrity compromise, CSRF injection, and security policy bypass. Refer to vendor security bulletins for patches.
Multiple Vulnerabilities in Splunk Products, Risk of Arbitrary Code Execution
CERT-FR published an advisory reporting several critical vulnerabilities in Splunk products, including Splunk Cloud Platform, Splunk Enterprise, Splunk ITSI, Splunk MCP Server and Splunk Universal Forwarder. Some of these vulnerabilities allow an attacker to achieve remote arbitrary code execution, compromise data confidentiality, and compromise data integrity. Organizations using these products should consult the referenced Splunk security bulletins to obtain the fixes.
Multiple Vulnerabilities in Cisco ISE and Webex Products
CERT-FR published an advisory about multiple vulnerabilities affecting Cisco ISE, ISE-PIC, and Webex products. The vulnerabilities enable remote code execution (CVE-2026-20147, CVE-2026-20148, CVE-2026-20180, CVE-2026-20186) and security policy bypass (CVE-2026-20184). Affected organizations should apply vendor patches as referenced in Cisco security bulletins.
Drupal Vulnerabilities Allow RCE, SQL Injection, XSS
Multiple Vulnerabilities in Google Chrome
CERT-FR published advisory CERTFR-2026-AVI-0448 notifying users of multiple vulnerabilities in Google Chrome affecting versions prior to 147.0.7727.101 for Linux and 147.0.7727.101/102 for Windows and Mac. The advisory references 32 CVEs (CVE-2026-6296 through CVE-2026-6364) and recommends users apply patches available in Google's security bulletin dated April 15, 2026.
Apache Kafka Vulnerability CVE-2026-35554 Affects Data Confidentiality and Integrity
CERT-FR issued advisory CERTFR-2026-AVI-0449 alerting organizations to a vulnerability in Apache Kafka Clients (CVE-2026-35554). Affected versions include 2.8.x through 3.9.x (prior to 3.9.2), 4.0.x (prior to 4.0.2), and 4.1.x (prior to 4.1.2). The vulnerability allows attackers to compromise data confidentiality and integrity. Organizations are advised to obtain patches from the vendor security bulletin.
Bouncy Castle BC-JAVA Critical Flaws Allow Security Bypass
CERT-Bund issued security advisory WID-SEC-2026-1129 identifying multiple critical vulnerabilities (CVSS Base Score 9.0) in Bouncy Castle BC-JAVA cryptographic library versions prior to 1.84. Attackers could exploit these flaws to bypass cryptographic security measures, disclose confidential information, or cause denial-of-service conditions. The vulnerabilities affect systems running Linux, macOS X, UNIX, Windows, and other operating systems that implement the affected library.
Google Chrome Multiple Critical Vulnerabilities CVSS 9.8
CERT-Bund issued a critical security advisory for Google Chrome versions prior to 147.0.7727.101 (Windows) and 147.0.7727.102 (Linux/MacOS). The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and Temporal Score of 8.5 (high). Attackers can exploit these flaws for potential remote code execution, security measure bypass, denial-of-service, and data manipulation or disclosure. Mitigation is available via update to the patched version.
GIMP Multiple Vulnerabilities Allow Code Execution and Information Disclosure
CERT-Bund issued a security advisory (WID-SEC-2026-1144) identifying multiple vulnerabilities in GIMP (GNU Image Manipulation Program) with a CVSS Base Score of 7.3 (high) and Temporal Score of 6.7 (medium). The vulnerabilities affect versions running on Windows, UNIX, and Linux operating systems. An attacker could exploit these flaws to potentially execute arbitrary code, disclose confidential information, manipulate data, or cause a denial-of-service condition.
Flowise <3.1.0 Critical Flaws Allow Arbitrary Code Execution
CERT-Bund issued security advisory WID-SEC-2026-1145 warning of multiple critical vulnerabilities in Flowise, an open-source user interface for creating LLMs, affecting versions prior to 3.1.0. The flaws carry a CVSS Base Score of 9.9 (critical) and temporal score of 8.9 (high), with remote attack capability confirmed. Attackers can exploit these vulnerabilities to execute arbitrary code, bypass security controls, disclose information, and manipulate files.
Rapid7 Velociraptor Multiple Vulnerabilities, CVSS 8.5
CERT-Bund issued security advisory WID-SEC-2026-1141 disclosing multiple vulnerabilities in Rapid7 Velociraptor (endpoint detection and response/EDR tool) affecting versions prior to 0.76.3 and 0.76.2. The vulnerabilities carry a CVSS Base Score of 8.5 (high) and Temporal Score of 7.4 (high). A remote, authenticated attacker can exploit these flaws to bypass security measures, manipulate data, or potentially execute arbitrary code. Mitigation measures are available.
Cisco Identity Services Engine Critical Vulnerabilities - CVSS 9.9
CERT-Bund issued security advisory WID-SEC-2026-1146 identifying critical vulnerabilities (CVSS Base Score 9.9) in Cisco Identity Services Engine (ISE). Multiple attack vectors allow remote attackers to conduct cross-site scripting, escalate privileges, execute arbitrary code, and disclose information. Organizations running Cisco ISE should apply mitigations immediately.
Sonatype Nexus Repository Manager Critical Flaw Allows Code Execution
Kyverno Multiple Vulnerabilities, CVSS 8.1, Remote Attack, Privilege Escalation
CERT-Bund published security advisory WID-SEC-2026-1152 identifying multiple vulnerabilities in Kyverno, an open-source policy engine for Kubernetes. The vulnerabilities carry a CVSS Base Score of 8.1 (high) and a CVSS Temporal Score of 7.3 (high), with remote attack capability confirmed. An authenticated remote attacker can exploit these flaws to disclose information, bypass security controls, manipulate data, and elevate privileges. Affected versions are Open Source Kyverno <=1.17.0 and <1.16.4. Mitigations are available.
Apache ActiveMQ Multiple Vulnerabilities - CVSS 8.8 Remote Attack
CERT-Bund issued security advisory WID-SEC-2026-0991 regarding multiple vulnerabilities in Apache ActiveMQ (CVSS Base Score 8.8). Affected products include Client, Broker, and Web components prior to versions 5.19.3 and 6.2.2 (also 5.19.4 and 6.2.3). Remote authenticated attackers can exploit these vulnerabilities to manipulate files or execute arbitrary code on vulnerable systems.
Fortinet FortiAnalyzer and FortiManager: Multiple Vulnerabilities, CVSS 8.1
CERT-Bund, operated by the German Federal Office for Information Security (BSI), published security advisory WID-SEC-2026-1093 warning of multiple vulnerabilities in Fortinet FortiAnalyzer and FortiManager products. Affected versions include FortiManager below 7.4.8/7.4.9/7.6.5 and FortiAnalyzer below 7.4.8/7.4.9/7.6.5, with Cloud variants also affected. The vulnerabilities carry a CVSS Base Score of 8.1 (high) and enable remote attackers to manipulate files, perform SQL injection, and execute arbitrary code.
Mattermost Multiple Vulnerabilities CVSS 7.3 High
CERT-Bund published security advisory WID-SEC-2026-1154 warning of multiple vulnerabilities in Mattermost Server and Plugins affecting versions prior to 11.4.4, 10.11.14, 10.5.2, and 11.6.0. The vulnerabilities have a CVSS Base Score of 7.3 (High) and CVSS Temporal Score of 6.4 (Medium), with remote attack capability confirmed. Affected platforms include Linux, UNIX, Windows, and other operating systems. Organizations using Mattermost should review and implement available mitigations.
Apache Airflow Flaw Enables Information Disclosure
Microsoft Defender Privilege Escalation Vulnerability WID-SEC-2026-1155
CERT-Bund issued security advisory WID-SEC-2026-1155 regarding a privilege escalation vulnerability in Microsoft Defender for Windows. A local attacker can exploit the flaw to elevate their privileges on the affected system. The vulnerability carries a CVSS Base Score of 7.8 (High) and a Temporal Score of 7.4 (High). Remote attack is not possible. No patch or mitigation is currently available as of the advisory date.
Rsync Flaw Enables Security Bypass CVSS 7.4 High
CERT-Bund published security advisory WID-SEC-2026-1156 disclosing a high-severity vulnerability in Rsync versions 3.0.1 through 3.4.1. The flaw carries a CVSS Base Score of 7.4 and allows a remote, authenticated attacker to bypass security measures. Affected systems include Linux and UNIX operating systems. No mitigation is currently available from CERT-Bund.
IBM App Connect Enterprise Critical Vulnerabilities, CVSS 10.0
CERT-Bund issued critical vulnerability advisory WID-SEC-2026-1157 for IBM App Connect Enterprise. Multiple versions including Certified Container <12.0 LTS, <12.0.12.24, <12.21.0, and <13.0.7.0 contain flaws with CVSS Base Score 10.0 and Temporal Score 8.7. Attackers can exploit these vulnerabilities to execute arbitrary code, bypass security controls, perform cross-site scripting, and manipulate data.
Critical Vulnerabilities in Fortinet FortiSandbox
CSA has issued Alert AL-2026-038 advising users to immediately update FortiSandbox products following the discovery of critical vulnerabilities CVE-2026-39808 and CVE-2026-39813. CVE-2026-39808 is an OS command injection vulnerability potentially allowing unauthenticated remote code execution via crafted HTTP requests. CVE-2026-39813 is an authentication bypass vulnerability in the FortiSandbox JRPC API. Affected versions include FortiSandbox 4.4 (4.4.0 through 4.4.8) and FortiSandbox 5.0 (5.0.0 through 5.0.5).
Critical Vulnerability in Axios Library Requires Immediate Update
CSA Singapore has issued an alert regarding a critical security vulnerability (CVE-2026-40175) in the Axios JavaScript library. The vulnerability carries a CVSS v3.1 score of 10 out of 10 and affects all versions below 1.13.2. Successful exploitation could allow unauthenticated remote attackers to perform server-side request forgery attacks, potentially leading to remote code execution and full cloud compromise. Users and administrators are advised to update to the latest version immediately.
NTT DOCOMO Terminal and Communication Method Patent EP4027720A1
The European Patent Office published patent application EP4027720A1 for NTT DOCOMO's terminal and communication method technology. The patent relates to wireless communications systems classified under H04W and H04L. The application designates multiple European member states including Germany, France, United Kingdom, Italy, and Spain.
EP3977697A1 - Method and Apparatus for Scheduling Terminal Devices
The European Patent Office published patent application EP3977697A1 by Telefonaktiebolaget LM Ericsson (publ) for a method and apparatus to schedule terminal devices in telecommunications networks. The patent covers innovations in scheduling terminal devices using various H04L and H04W classification technologies. Inventors are Chunhui Liu, Yongqian Chen, and Bin Li.
Metadata Centric AI Class Reassignment Patent
USPTO published patent application US20260099765A1 for a metadata-centric AI system that reassigns data classifications based on performance metrics and confusion matrix analysis. The invention derives group-specific thresholds from prior classification instances to evaluate and update predicted classifications. Inventors include Madhusoodhana Chari Sesha, Pradeep Kumar Surenran, Ankush Anshuman, Akshay Jain, and Surya Thankamony Somanathan.
Computing User-Specific Item Prices Using AI
USPTO published patent application US20260099858A1 by inventors Veijo Heinonen and Mikko Saikko disclosing a method and apparatus for calculating user-specific item prices using artificial intelligence. The system determines personalized pricing based on user attribute profile vectors, item attribute vectors, price elasticity metrics, and appeal scores. The application (No. 19416874) was filed on December 11, 2025.
Integrated Customer Intelligence Platform and Method
The USPTO has granted Patent Application US20260099856A1 to Kyocera Document Solutions Inc. for an integrated customer intelligence platform and method in document management systems. The system collects customer market data including characteristics, engagement status, and usage patterns to generate actionable recommendations using predictive heuristics models with cyclicality and seasonality probability scoring. Inventors include Selim ZAMAN.
AI Measures Net Gain Loss for Uncertain Events Using Monte Carlo Simulations
The USPTO published patent application US20260099795A1 titled 'System and a Method for Measuring Net Gain and Loss of Alternatives for Uncertain Events.' The application, filed by inventor Ernest Forman on August 31, 2024, discloses an AI system that receives uncertain events, alternatives, objectives, and certain events, then uses Monte Carlo simulations on evaluated likelihoods and consequences to determine expected loss or gain for each alternative. This is a routine USPTO publication of a patent application in the decision-support software field.
ICE Arrests Criminal Aliens Convicted of Sexual Offenses Against Children, Kidnapping, and Violent Crimes
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of multiple criminal aliens convicted of serious offenses including sexual contact with a child, aggravated assault with a deadly weapon, kidnapping, sexual assault, and child molestation. The arrests occurred across multiple U.S. locations including Dallas County, Texas. DHS noted that nearly 70% of ICE arrests involve illegal aliens charged or convicted of crimes in the United States.
ICE Detains Twice-Deported Illegal Alien Wanted for Murder in North Carolina
DHS announced that ICE Homeland Security Investigations issued a detainer on April 9, 2026, for Carlos Anuel Medina-Robles, an illegal alien from Honduras, who is wanted for murder involving a firearm in Durham County, North Carolina. Medina-Robles was arrested in Minot, North Dakota, and the detainer ensures he remains in custody pending extradition. The individual has been deported from the United States twice previously.
ICE Requests Virginia Officials Not Release Guatemalan Illegal Alien Accused of Rape in Arlington County
U.S. Immigration and Customs Enforcement (ICE) requested Virginia Governor Abigail Spanberger and Arlington County officials not release Luzvin Orvando Garcia Moran, a 28-year-old illegal alien from Guatemala currently detained in Arlington County Jail. The individual faces charges including abduction with intent to defile, sodomy by force or victim helplessness, and assault. ICE seeks to deport the individual, who reportedly has at least 25 prior charges.
Azure Privilege Escalation, CVSS 8.8, 14th Apr
Fortinet FortiSandbox Critical Vulnerabilities CVSS 9.8 Remote Attack
CERT-Bund issued security advisory WID-SEC-2026-1094 disclosing critical vulnerabilities in Fortinet FortiSandbox with CVSS Base Score 9.8. Multiple flaws allow remote attackers to conduct cross-site scripting attacks, disclose information, bypass security measures, and execute code. Affected versions include FortiSandbox below 5.0.5 and below 4.4.9.
Adobe FrameMaker Arbitrary Code Execution Vulnerabilities
CERT-Bund issued security advisory WID-SEC-2026-1108 identifying multiple vulnerabilities in Adobe FrameMaker versions prior to 2026 and prior to 2022 Update 9. The vulnerabilities carry a CVSS Base Score of 8.6 (high). A local attacker could exploit these flaws to execute arbitrary code or disclose confidential information. Mitigation measures are available.
Adobe Connect Multiple Critical Vulnerabilities Allowing Arbitrary Code Execution, CVSS 9.6
CERT-Bund issued a security advisory warning of multiple critical vulnerabilities in Adobe Connect (CVSS Base Score 9.6). Affected versions include Adobe Connect below version 12.11 and Adobe Connect Desktop Application below version 2025.9. Remote anonymous attackers can exploit these flaws to execute arbitrary code or conduct cross-site scripting attacks.
Microsoft Defender Privilege Escalation Vulnerability WID-SEC-2026-1099
CERT-Bund issued advisory WID-SEC-2026-1099 reporting a vulnerability in Microsoft Defender Antimalware Platform enabling local privilege escalation to Administrator rights. The flaw carries a CVSS Base Score of 7.8 (high) and Temporal Score of 7.2 (high). Remote attack is not possible. Mitigations are available.
Froxlor Server Management Software Multiple Vulnerabilities CVSS 9.9
CERT-Bund issued security advisory WID-SEC-2026-1124 identifying critical vulnerabilities in Open Source Froxlor server management software versions prior to 2.3.6. The flaws carry a CVSS Base Score of 9.9 (critical) and CVSS Temporal Score of 8.9 (high). Attackers can exploit these vulnerabilities to execute arbitrary code remotely, bypass security measures, and manipulate files on affected systems running Linux or UNIX.