737 changes Data Privacy & Cybersecurity
Multiple Python Vulnerabilities Affect CPython Systems
CERT-FR has issued a security advisory regarding multiple vulnerabilities discovered in Python, specifically affecting CPython systems without the latest security patches. These vulnerabilities could lead to security policy bypass. Users are advised to consult the vendor's security bulletins for available patches.
Microsoft Edge Vulnerability CVE-2026-3909
CERT-FR has issued a security advisory regarding a vulnerability in Microsoft Edge, identified as CVE-2026-3909. The advisory notes that this vulnerability is actively being exploited and affects versions prior to 146.0.3856.62.
Gitea Vulnerabilities Allow Bypass, Data Manipulation, Disclosure
CERT-Bund has issued a security advisory for Gitea, detailing multiple vulnerabilities with a CVSS base score of 7.3. These vulnerabilities can allow attackers to bypass security measures, manipulate data, and disclose confidential information. Users are advised to update to Gitea version 1.25.5 or later.
Kubernetes Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory (WID-SEC-2026-0738) regarding a vulnerability in Kubernetes that allows remote authenticated attackers to manipulate files. The vulnerability affects the Open Source Kubernetes CSI Driver for NFS versions prior to 4.13.1 and has a CVSS Base Score of 6.5.
Mattermost Vulnerabilities: Remote Attack Possible
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mattermost Server versions prior to 11.4.0, 11.3.1, 11.2.3, 10.11.11, 11.6.0, 10.11.13, 11.5.1, 11.4.3, and 10.11.13. These vulnerabilities have a CVSS base score of 7.3 and allow for remote attacks.
OpenCTI Vulnerability Allows Bypassing Security Measures
CERT-Bund has issued a security advisory for OpenCTI, a cyber threat intelligence platform. A vulnerability (CVE) allows remote, authenticated attackers to bypass security measures. The advisory affects OpenCTI versions prior to 6.9.1.
Langflow Vulnerabilities Allow Code Execution and Security Bypass
CERT-Bund has issued a security advisory (WID-SEC-2026-0747) regarding critical vulnerabilities in Langflow versions <=1.8.1 and <1.7.2. These flaws allow remote code execution and security bypass, with a CVSS base score of 10.0. Mitigation is available.
Vercel Next.js Vulnerabilities Allow DoS or Security Bypass
CERT-Bund has issued a security advisory for Vercel Next.js, detailing vulnerabilities that could allow remote attackers to perform Denial of Service attacks or bypass security measures. The advisory affects versions prior to 16.1.7 and 15.5.13, with a CVSS base score of 6.5.
NetBox Cross-Site Scripting Vulnerability Advisory
CERT-Bund has issued a security advisory for NetBox, detailing a vulnerability that allows for Cross-Site Scripting attacks. The advisory affects NetBox version 4.3.5 and provides information on mitigation strategies.
libexif Vulnerability Allows Code Execution and Denial-of-Service
CERT-Bund has issued a security advisory regarding a vulnerability in the libexif library (versions <=0.6.25). The vulnerability allows local attackers to execute arbitrary code, cause a denial-of-service, or disclose confidential information. Mitigation is available.
FFmpeg Vulnerability Allows Denial of Service and Information Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0740) regarding a vulnerability in the FFmpeg RV60 video decoder. The vulnerability allows remote attackers to cause a Denial of Service or disclose information. Affected versions include Open Source ffmpeg <8.1, 8.0, and 8.0.1.
CPython Vulnerabilities Allow File Manipulation and DoS
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in CPython versions prior to 3.15.0. These vulnerabilities can be exploited by authenticated remote attackers to manipulate files or cause a denial-of-service condition. The advisory provides mitigation information for affected systems.
Octopus Deploy Vulnerability Allows Remote File Manipulation
CERT-Bund has issued a security advisory for Octopus Deploy, detailing a vulnerability that allows remote authenticated attackers to manipulate files. The advisory affects specific versions of Octopus Deploy running on Linux and Windows and provides mitigation information.
OpenClaw AI Assistant Vulnerabilities
CERT-Bund has issued a security advisory for OpenClaw, an AI assistant, detailing multiple vulnerabilities with a high CVSS base score of 8.1. The advisory urges users to mitigate the risks associated with privilege escalation and confidential information disclosure.
ImageMagick Vulnerability Allows Remote Denial of Service
CERT-Bund has issued a security advisory for ImageMagick, detailing a vulnerability that allows remote denial of service attacks. The advisory affects Open Source ImageMagick versions prior to 7.1.2-17 and 6.9.13-42, impacting Linux, UNIX, and Windows systems.
ENISA Chairs EU Agencies Network, Strengthens Cybersecurity
ENISA has taken over the chair of the EU Agencies Network (EUAN) for 2025-2026, focusing on implementing a new governance framework and strengthening cybersecurity across EU agencies. A Memorandum of Understanding was signed to reassert cooperation on shared services, including HR, cybersecurity, and legal services.
CISA KEV: Wing FTP Server Path Disclosure Vulnerability
CISA has added CVE-2025-47813, a path disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects versions prior to 7.4.4 and requires specific conditions to exploit.
CERT-Bund Security Advisory WID-SEC-2026-0733
CERT-Bund has issued security advisory WID-SEC-2026-0733, detailing a new vulnerability. This advisory provides technical details and recommendations for affected parties to mitigate potential security risks.
Dell Secure Connect Gateway Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory for Dell Secure Connect Gateway, identifying a vulnerability that allows remote code execution. The advisory affects versions prior to 5.34.00.00 on Windows systems. Users are advised to apply available mitigations.
GNU InetUtils Multiple Vulnerabilities (CVSS 9.8)
CERT-Bund has issued a security advisory (WID-SEC-2026-0734) regarding critical vulnerabilities in GNU InetUtils versions up to 2.7. These vulnerabilities, rated CVSS 9.8, allow for remote code execution and information disclosure on Linux and UNIX systems. Users are advised to update their systems.
CISA Adds Wing FTP Server Vulnerability to KEV Catalog
CISA has added CVE-2025-47813, a Wing FTP Server information disclosure vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and poses significant risks to federal agencies.
Multiple vulnerabilities found in Microsoft products
CERT-FR has issued a notice regarding multiple vulnerabilities discovered in various Microsoft products. The advisory lists affected systems and directs users to Microsoft's security bulletins for patches.
OpenSSL Vulnerability Advisory
CERT-FR has issued an advisory regarding a vulnerability discovered in specific versions of OpenSSL. The advisory, dated March 16, 2026, references CVE-2026-2673 and urges users to consult the OpenSSL security bulletin for patch information.
Google Chrome Vulnerability Advisory
CERT-FR has issued an advisory regarding a vulnerability in Google Chrome, affecting versions prior to 146.0.7680.80. The vulnerability (CVE-2026-3909) is reportedly being actively exploited, and users are advised to update their software.
Microsoft Edge Multiple Vulnerabilities Disclosed
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Microsoft Edge. One vulnerability, CVE-2026-3910, is reported to be actively exploited. Users are advised to update their software to the latest versions.
FedRAMP Updates: Marketplace, RFC Outcomes, RSS Feed
FedRAMP has updated its Marketplace with a new URL and user experience, and introduced an RSS feed for its Changelog. Several public notices were published detailing the outcomes of various RFCs concerning program certifications, external frameworks, and authorization designations.
Microsoft Edge Android Vulnerability Allows Display of False Information
CERT-Bund has issued a security advisory for a vulnerability in Microsoft Edge for Android, allowing remote attackers to display false information. The advisory details affected versions and provides mitigation information.
NetX Vulnerability Allows Unspecified Attack
CERT-Bund has issued a security advisory (WID-SEC-2026-0731) regarding a vulnerability in NetX, a digital inventory management system. The vulnerability, with a CVSS base score of 6.5, allows for an unspecified remote attack and affects Linux, UNIX, and Windows operating systems.
OpenBSD Vulnerability Allows Attack and Denial of Service
CERT-Bund has issued a security advisory (WID-SEC-2026-0730) regarding a vulnerability in OpenBSD versions prior to 7.8. The vulnerability could allow an attacker to perform unspecified attacks and potentially cause a denial of service. The advisory includes a CVSS base score of 7.5.
Angular XSS Vulnerability Advisory
CERT-Bund has issued a security advisory for Angular, detailing a Cross-Site Scripting (XSS) vulnerability with a CVSS score of 8.0. The advisory affects specific versions of open-source Angular and provides mitigation information.
OpenSSL Vulnerability Allows Bypassing Security Measures
CERT-Bund has issued a security advisory for OpenSSL versions prior to 3.6.2 and 3.5.6. A remote, authenticated attacker can exploit a vulnerability to bypass security measures. Mitigation is available.
OpenClaw Vulnerabilities Allow Code Execution and Privilege Escalation
CERT-Bund has issued a security advisory (WID-SEC-2026-0727) regarding critical vulnerabilities in OpenClaw, a personal AI assistant. The vulnerabilities, with a CVSS Base Score of 9.9, allow for code execution, privilege escalation, data manipulation, and denial-of-service attacks.
CISA Tribal Consultation Transcript
The Cybersecurity and Infrastructure Security Agency (CISA) has posted a transcript from a tribal consultation. This document provides a record of discussions related to cybersecurity initiatives and concerns impacting tribal nations.
Cherokee Nation CIRCIA Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments submitted by the Cherokee Nation regarding the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). These comments are part of the ongoing public consultation process for developing CIRCIA regulations.
CISA Tribal Consultation Transcript
The Cybersecurity and Infrastructure Security Agency (CISA) has posted the transcript from its tribal consultation meeting held on February 13, 2026. This document provides a record of discussions between CISA and tribal nations regarding cybersecurity initiatives and concerns.
CISA Cybersecurity Proposed Rule Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments from the Bristol Bay Native Corporation regarding a proposed rule. This submission is part of the public consultation period for new cybersecurity regulations.
CISA CIRCIA Comments Posted
The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments received regarding the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). These comments are part of the ongoing public consultation process for the development of CIRCIA regulations.
Privacy Board Meeting on FISA Surveillance Report
The Privacy and Civil Liberties Oversight Board (PCLOB) announced a public meeting on July 2, 2014, to vote on its report concerning surveillance programs operated under Section 702 of the Foreign Intelligence Surveillance Act. The meeting is open to the public.
PCLOB Meeting and Public Comment Period
The Privacy and Civil Liberties Oversight Board (PCLOB) announced a public meeting on July 23, 2014, to discuss its semi-annual report and future agenda. The public has until August 29, 2014, to submit written comments on the PCLOB's mid-term and long-term agenda.
PCLOB Public Hearing on FISA Section 702 Surveillance
The Privacy and Civil Liberties Oversight Board (PCLOB) announced a public hearing on March 19, 2014, to discuss the federal government's surveillance program under Section 702 of FISA. The hearing aims to evaluate legal and policy issues and consider recommendations for balancing counterterrorism efforts with privacy and civil liberties.
Privacy Board Meeting Notice and Public Comment Request
The Privacy and Civil Liberties Oversight Board has issued a notice for a public meeting on "Defining Privacy" and is requesting written comments. The meeting will discuss privacy in the context of government counterterrorism programs, technology's impact, and lessons learned from the private sector. Comments are due by December 31, 2014.
PCLOB Seeks Public Input on Counterterrorism Activities
The Privacy and Civil Liberties Oversight Board (PCLOB) is seeking public comment on its examination of counterterrorism activities conducted under Executive Order 12333. The PCLOB is requesting input on concerns related to these activities and suggestions for inquiry.
Public Meeting on Executive Order 12333 Intelligence Activities
The Privacy and Civil Liberties Oversight Board announced a public meeting to discuss Executive Order 12333 concerning U.S. intelligence activities. The meeting will cover historical background, constitutional implications, and oversight mechanisms related to counterterrorism efforts.
Privacy and Civil Liberties Oversight Board Closed Meeting Notice
The Privacy and Civil Liberties Oversight Board (PCLOB) issued a notice for a closed meeting to discuss proposed topics for an in-depth examination of counterterrorism activities governed by Executive Order 12333. The meeting was scheduled for July 1, 2015, and was closed due to classified information.
PCLOB Meeting Notice on Classified Matters and Counterterrorism
The Privacy and Civil Liberties Oversight Board (PCLOB) issued a notice for a closed meeting on November 9, 2015, to discuss in-depth examinations of counterterrorism-related activities. The meeting was closed to the public due to the classified nature of the discussions, in accordance with Executive Order 13526.
FISA Section 702 Comment Period Extended
The PCLOB has extended the comment period for its oversight project examining Section 702 of the Foreign Intelligence Surveillance Act (FISA). The new deadline for submitting comments is November 4, 2022.
PCLOB Forum on Financial Tools, Privacy, and Civil Liberties
The Privacy and Civil Liberties Oversight Board (PCLOB) is hosting a public forum on December 2nd, 2025, to discuss the impact of government financial tools on privacy and civil liberties. The Board is seeking public comments on this issue, with a deadline of December 12th, 2025.
PCLOB Finalizes FOIA, Privacy Act, Sunshine Act Regulations
The Privacy and Civil Liberties Oversight Board (PCLOB) has finalized regulations implementing the Freedom of Information Act, Privacy Act, and Government in the Sunshine Act. These final rules detail procedures for public requests for records, response timeframes, and applicable fees, superseding the proposed rule published in May 2013.
PCLOB Meeting on USA PATRIOT Act Surveillance Program
The Privacy and Civil Liberties Oversight Board (PCLOB) announced a public meeting on January 23, 2014, to vote on its report concerning the USA PATRIOT Act surveillance program and the Foreign Intelligence Surveillance Court. The meeting is open to the public.
PCLOB Public Hearing on Surveillance Programs
The Privacy and Civil Liberties Oversight Board (PCLOB) is holding a public hearing on federal counterterrorism surveillance programs, including those under Section 215 of the USA PATRIOT Act and Section 702 of FISA. The hearing aims to address activities, responsibilities, and potential recommendations for changes to ensure a balance between counterterrorism efforts and privacy/civil liberties.