Cybersecurity

Google Chrome Skia Out-of-Bounds Write Vulnerability

CISA has added a known exploited vulnerability, CVE-2026-3909, affecting Google Chrome versions prior to 146.0.7680.75. This vulnerability allows remote attackers to perform out-of-bounds memory access via a crafted HTML page. Agencies are directed to apply mitigations by March 13, 2026.

V8 in Chrome Vulnerable to Code Execution

CISA has added a vulnerability in Google Chrome's V8 engine to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-3910) allows remote code execution and requires federal agencies to patch by March 13, 2026.

Microsoft ASP.NET/.NET Vulnerabilities Advisory

This advisory updates information on multiple vulnerabilities in Microsoft ASP.NET and .NET, with a CVSS Base Score of 7.8. The update includes affected products on Ubuntu, Oracle, and Red Hat Linux, in addition to previously listed Microsoft ASP.NET Core and .NET versions.

CPython Vulnerabilities Allow Remote Code Execution

The German Federal Office for Information Security (BSI) has issued a security advisory regarding multiple vulnerabilities in CPython, with a CVSS base score of 7.7. These vulnerabilities allow remote attackers to manipulate files or execute arbitrary code on affected systems.

Vim Vulnerability Allows Code Execution (CVSS 6.6)

The German National Cybersecurity Agency (BSI) has issued a security advisory for a vulnerability in the Vim text editor. The vulnerability, with a CVSS score of 6.6, allows local attackers to execute arbitrary code. Mitigation is available.

FreeRDP Vulnerabilities - Remote Code Execution

CERT-Bund has issued an advisory for multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities have a CVSS base score of 8.8 and allow for remote code execution, denial-of-service, and information disclosure.

Mozilla Firefox, Thunderbird Vulnerabilities (CVSS 8.8)

CERT-Bund has issued an advisory regarding multiple vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird, with a CVSS Base Score of 8.8. The advisory has been updated multiple times to include specific product versions and affected operating systems.

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

Microsoft Security Patches for Critical Vulnerabilities

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding Microsoft's release of security patches for critical vulnerabilities in its software. These patches address multiple security flaws, some with a base score of 9.8, requiring immediate attention from users and organizations.

HPE Patches Critical Aruba Networking AOS-CX Vulnerabilities

Hewlett Packard Enterprise (HPE) has released patches for critical vulnerabilities in its Aruba Networking AOS-CX operating system. The most severe flaw (CVE-2026-23813) allows unauthenticated remote attackers to reset administrator passwords. Users are urged to update immediately.