685 changes Data Privacy & Cybersecurity
Chrome and Edge Vulnerabilities Allow Remote Code Execution
CERT-Bund issued a high-severity security advisory (WID-SEC-2026-1030) alerting organizations to multiple vulnerabilities in Google Chrome (versions prior to 147.0.7727.55/56) and Microsoft Edge. The flaws carry a CVSS Base Score of 8.8 and enable remote anonymous attackers to bypass security mechanisms, execute arbitrary code, disclose information, and deceive users. Mitigation is available via software updates.
Mitel MiCollab Multiple Critical Vulnerabilities Including SQL Injection CVSS 9.8
CERT-Bund issued security advisory WID-SEC-2026-1026 warning of multiple critical vulnerabilities in Mitel MiCollab communication suite. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote SQL injection attacks and privilege escalation. Affected versions include MiCollab prior to version 10.2 SP1 running on Linux, UNIX, Windows, and other platforms. Mitigation measures are available.
SugarCRM Sugar Enterprise Multiple Vulnerabilities Allow Admin Access
CERT-Bund published security advisory WID-SEC-2026-1021 disclosing multiple critical vulnerabilities in SugarCRM Sugar Enterprise versions prior to 25.1.3 and 14.0.4. The vulnerabilities carry a CVSS Base Score of 8.8 (high), allowing remote attackers to gain administrator privileges, execute cross-site scripting attacks, bypass security controls, manipulate data, disclose confidential information, and cause denial of service.
Intel CPU Privilege Escalation Vulnerability, CVSS 4.7
CERT-Bund issued a security advisory detailing a privilege escalation vulnerability in Intel processors (Pentium Silver Series, Celeron J Series, Celeron N Series). Attackers with physical access can exploit the flaw to elevate privileges, with a CVSS Base Score of 4.7 (medium). Organizations using affected processors should apply available mitigations.
Stryker Corporation 8-K/A - Cybersecurity Incident Material Impact Disclosure
Stryker Corporation filed Form 8-K/A with the SEC amending its March 11, 2026 cybersecurity incident disclosure to formally determine the incident had a material impact on operations and financial results for Q1 2026. The company continues its investigation with third-party experts and law enforcement.
GPL Odorizers GPL750 Missing Authentication Vulnerability CVE-2026-4436
CISA ICS-CERT published advisory ICSA-26-099-02 describing a high-severity vulnerability (CVSS 8.6) in GPL Odorizers GPL750 industrial odorization equipment. The vulnerability (CVE-2026-4436) allows low-privileged remote attackers to send Modbus packets to manipulate register values controlling odorant injection into gas lines, potentially causing too much or too little odorant to be injected. Affected versions include GPL750 (XL4) >=v1.0, (XL4 Prime) >=v4.0, (XL7) >=v13.0, and (XL7 Prime) >=v18.4.
Critical PLC Vulnerability Enables Arbitrary RPCs in Contemporary Controls BASC 20T
CISA published ICS Advisory ICSA-26-099-01 disclosing a critical vulnerability (CVE-2025-13926, CVSS 9.8) in Contemporary Controls BASControl20 version 3.1 PLCs. The flaw allows remote attackers to forge network packets and execute arbitrary Remote Procedure Calls, potentially enabling full device compromise. Affected sectors include Energy, Critical Manufacturing, and Commercial Facilities.
Juniper Networks Multiple Vulnerabilities Allow Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0408 covering 26 Juniper Networks security bulletins (JSA106016 through JSA107875), addressing multiple critical vulnerabilities in Junos OS and Junos OS Evolved across SRX, MX, and PTX Series platforms. Affected versions span from 21.4-EVO through 25.2R1, with risks including remote code execution, data confidentiality and integrity compromise, denial of service, and privilege escalation. Organizations running affected Juniper devices must apply available patches immediately.
Multiple Elastic Vulnerabilities Allow Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0413 alerting organizations to multiple critical vulnerabilities in Elastic products (Kibana and Logstash, versions 8.x and 9.x). The vulnerabilities allow remote code execution, data integrity compromise, confidentiality breaches, and denial of service. Organizations using these products must update to patched versions immediately.
Multiple Vulnerabilities in SonicWall SMA1000 Products
CERT-FR issued advisory CERTFR-2026-AVI-0409 warning of four critical vulnerabilities (CVE-2026-4112 through CVE-2026-4116) in SonicWall SMA1000 secure mobile access products. Affected versions include 12.4.3-x prior to 12.4.3-03387 and 12.5.0-x prior to 12.5.0-02624. Successful exploitation could result in data confidentiality breaches, security policy bypass, and privilege escalation.