
687 changes Data Privacy & Cybersecurity


Hitachi Energy Ellipse Remote Code Execution Vulnerability

CISA ICS-CERT published advisory ICSA-26-092-03 disclosing a critical remote code execution vulnerability (CVE-2025-10492, CVSS 9.8) in Hitachi Energy Ellipse versions 9.0.50 and prior. The vulnerability exists in the Jasper Report third-party component due to improper Java deserialization handling. Organizations using affected Ellipse versions face immediate risk of remote compromise. Mitigation involves restricting loading of external custom reports to trusted sources only.

Urgent Guidance Cybersecurity

Siemens SICAM 8 Vulnerabilities - Denial of Service and Out-of-Bounds Write Patches

CISA ICS-CERT released advisory ICSA-26-092-01 identifying two vulnerabilities in Siemens SICAM 8 industrial control products. CVE-2026-27663 is a medium-severity denial-of-service vulnerability (CVSS 6.5) caused by resource exhaustion under high request volumes. CVE-2026-27664 is a high-severity out-of-bounds write vulnerability (CVSS 7.5) exploitable through malicious XML input. Affected products include CPCI85, RTUM85, and SICORE firmware versions prior to V26.10. Siemens recommends updating to V26.10 or later.

Priority review Guidance Cybersecurity

Multiple Netgate pfSense Vulnerabilities Allow Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0387 alerting to multiple critical vulnerabilities (CVE-2026-xxxx through CVE-2026-xxxx) in Netgate pfSense CE and Plus firewall products. Four separate security advisories (pfSense-SA-26_01 through pfSense-SA-26_04) document arbitrary remote code execution and cross-site scripting (XSS) vulnerabilities affecting pfSense CE versions prior to 2.8.1 and pfSense Plus versions prior to 26.07. The vulnerabilities enable unauthenticated remote attackers to execute arbitrary code or inject malicious scripts.

Priority review Notice Cybersecurity

Multiple Cisco Vulnerabilities Allowing Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0388 alerting to five critical vulnerabilities in multiple Cisco product families affecting the Cisco Integrated Management Controller (IMC), NFVIS, Evolved Programmable Network Manager (EPNM), and Smart Software Manager On-Prem. The vulnerabilities could allow unauthenticated remote code execution, privilege escalation, authentication bypass, and improper authentication, posing severe risks to data confidentiality and system integrity.

Priority review Notice Cybersecurity

Azure Linux FRR Vulnerability CVE-2026-5107

CERT-FR published advisory CERTFR-2026-AVI-0389 notifying of a vulnerability in Microsoft Azure Linux affecting the frr 10.5.0-1 package on azl3. The vulnerability, tracked as CVE-2026-5107 (published by Microsoft on March 31, 2026), allows an attacker to cause an unspecified security issue. Organizations using affected versions should apply the vendor patch updating to version 10.5.0-2.

Routine Notice Cybersecurity

Belden NetModule Router Software Vulnerabilities Allow Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0390 notifying of multiple critical vulnerabilities (CVE-2025-15467, CVE-2025-69419) in Belden NetModule Router Software versions prior to 5.0.0.102. The vulnerabilities allow remote attackers to execute arbitrary code and cause denial of service. Organizations using affected NetModule routers should refer to the vendor's PSIRT-5_OpenSSL_Vulnerabilities_NRSW bulletin for patch information.

Priority review Notice Cybersecurity

OpenSSH vulnerabilities allow remote code execution

CERT-FR issued advisory CERTFR-2026-AVI-0391 alerting to multiple vulnerabilities in OpenSSH (versions prior to 10.3) enabling remote code execution and security policy bypass. OpenSSH released version 10.3 with patches. Organizations running OpenSSH should update immediately.

Urgent Notice Cybersecurity

IGEL UMS Vulnerability Allows Remote Information Disclosure

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 8.6) in IGEL Universal Management Suite (UMS). The vulnerability allows remote, anonymous attackers to disclose sensitive information. Affected versions are those prior to version 12.11.100 running on Linux and UNIX systems. Organizations using IGEL UMS should apply available mitigations or update to a patched version.

Priority review Guidance Cybersecurity

WatchGuard Firebox Remote Code Execution Vulnerability

CERT-Bund published security advisory WID-SEC-2026-0952 reporting a high-severity vulnerability (CVSS 7.2) in WatchGuard Firebox and Unified Threat Management products. An authenticated remote attacker can exploit this flaw to execute arbitrary code on affected systems. Versions prior to 2026.2 and 12.12 are vulnerable.

Priority review Notice Cybersecurity

Cisco EPN Manager Information Disclosure Vulnerability

CERT-Bund issued a security advisory (WID-SEC-2026-0951) regarding a high-severity vulnerability (CVSS 8.0) in Cisco Evolved Programmable Network Manager versions prior to 8.1.2. The vulnerability allows authenticated remote attackers to exploit an information disclosure flaw. Organizations using affected versions should apply available mitigations.

Routine Notice Cybersecurity
