687 changes Data Privacy & Cybersecurity

Source: www.cisa.gov

CVE-2026-1340 Ivanti EPMM Code Injection Vulnerability Added to KEV Catalog

CISA added CVE-2026-1340, an Ivanti Endpoint Manager Mobile (EPMM) code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors targeting federal enterprises. Federal Civilian Executive Branch agencies are required to remediate vulnerabilities identified in the KEV Catalog pursuant to BOD 22-01.

Priority review Notice Cybersecurity

Source: wid.cert-bund.de

Windows privilege escalation, NT AUTHORITY\SYSTEM access, unpatched

Routine Notice

Source: wid.cert-bund.de

Apache Cassandra Multiple Vulnerabilities - Privilege Escalation, Information Disclosure, DoS

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Apache Cassandra database systems with a CVSS Base Score of 8.8. The flaws affect versions prior to 4.1.11, 5.0.7, and 4.0.20 across Linux, Windows, and UNIX platforms. Attackers can exploit these vulnerabilities to achieve privilege escalation, disclose information, and execute denial-of-service attacks.

Priority review Notice Cybersecurity

Source: www.cert.ssi.gouv.fr

Multiple Vulnerabilities in Mozilla Products

CERT-FR published security advisory CERTFR-2026-AVI-0404 alerting to multiple remote code execution vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird. Firefox ESR versions before 115.34.1 and 140.9.1, Firefox before 149.0.2, and Thunderbird versions before 140.9.1 and 149.0.2 are affected. Five CVEs are referenced including CVE-2026-5731 through CVE-2026-5735.

Priority review Guidance Cybersecurity

Source: www.cert.ssi.gouv.fr

Multiple Vulnerabilities in Microsoft Products

CERT-FR issued an advisory warning of 14 unpatched vulnerabilities across Microsoft products, spanning CVEs from CVE-2026-33936 through CVE-2026-35177, disclosed between March 29 and April 8, 2026. The vulnerabilities affect multiple Microsoft products and could allow remote code execution, privilege escalation, or information disclosure. Affected organizations are advised to consult Microsoft Security Response Center bulletins and apply available patches immediately.

Priority review Guidance Cybersecurity

Source: www.cert.ssi.gouv.fr

Vulnerability in Moxa Products - Privilege Escalation and Remote DoS

CERT-FR issued a security advisory (CERTFR-2026-AVI-0405) alerting organizations to multiple vulnerabilities affecting 15 series of Moxa industrial computing and networking devices running Windows 7, 10, or 11. The vulnerabilities allow privilege escalation, remote denial of service, data integrity compromise, confidentiality breaches, and security policy bypass. Affected products include BXP-A100, BXP-A101, BXP-C100, DA-680, DA-681C, DA-682C, DA-720, DA-820C, DA-820E, DRP-A100, DRP-C100, EXPC-F2120W, EXPC-F2150W, MC-1100, and MC-1200 series.

Priority review Guidance Cybersecurity

Source: www.cert.ssi.gouv.fr

Multiple Vulnerabilities in OpenSSL - CERT-FR Advisory 2026-AVI-0403

CERT-FR issued an advisory alerting organizations to multiple critical vulnerabilities in OpenSSL affecting versions 1.0.2 through 3.6.x. Seven CVEs were identified: CVE-2026-28386 through CVE-2026-28390, CVE-2026-31789, and CVE-2026-31790. The vulnerabilities enable remote code execution, denial of service, and data confidentiality breaches. Organizations running affected OpenSSL versions must apply vendor patches immediately.

Priority review Guidance Cybersecurity

Source: www.cert.ssi.gouv.fr

HPE Aruba Private 5G Core - Security Policy Bypass Vulnerability

CERT-FR issued a security advisory warning of a vulnerability (CVE-2026-23818) in HPE Aruba Networking Private 5G Core versions prior to 1.25.3.1. The flaw allows attackers to bypass security policies. Organizations using the affected product must apply patches referenced in HPE security bulletin HPESBNW05032.

Priority review Guidance Cybersecurity

Source: www.csa.gov.sg

SingCERT Security Bulletin: Critical Vulnerabilities Week of 8 April 2026

The Cyber Security Agency of Singapore (CSA) through SingCERT issued its weekly Security Bulletin for 8 April 2026, summarizing critical and high-severity vulnerabilities from NIST's National Vulnerability Database (NVD). The bulletin catalogs multiple CVEs with CVSS scores of 10.0, affecting Microsoft Azure services, ChurchCRM, Dgraph, SandboxJS, Juju, and Samsung Exynos processors. Organizations are advised to review affected products and apply available patches.

Priority review Guidance Cybersecurity

Source: www.cisa.gov

STIX XML Indicators of Compromise for Threat Intelligence

CISA ICS-CERT published STIX XML indicators of compromise (IOCs) for threat intelligence purposes. The advisory includes structured XML data containing malicious indicators that organizations can use to detect and identify potential cyber threats targeting industrial control systems and critical infrastructure. These IOCs are designed for integration with security monitoring tools, SIEM systems, and threat intelligence platforms.

Routine Guidance Cybersecurity

Showing 131–140 of 687 changes
