Search

Belden NetModule Router Software Vulnerabilities Allow Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0390 notifying of multiple critical vulnerabilities (CVE-2025-15467, CVE-2025-69419) in Belden NetModule Router Software versions prior to 5.0.0.102. The vulnerabilities allow remote attackers to execute arbitrary code and cause denial of service. Organizations using affected NetModule routers should refer to vendor's PSIRT-5_OpenSSL_Vulnerabilities_NRSW bulletin for patch information.

OpenSSH vulnerabilities allow remote code execution

CERT-FR issued advisory CERTFR-2026-AVI-0391 alerting to multiple vulnerabilities in OpenSSH (versions prior to 10.3) enabling remote code execution and security policy bypass. OpenSSH released version 10.3 with patches. Organizations running OpenSSH should update immediately.

M-Files Server Information Disclosure Vulnerability Advisory

CERT-Bund issued a security advisory (WID-SEC-2026-0956) regarding an information disclosure vulnerability in M-Files Server. The vulnerability affects versions prior to 26.3.15818.5 on Windows platforms and carries a CVSS Base Score of 6.5 (medium severity). Remote anonymous attackers can exploit this flaw to disclose sensitive information.

Cisco EPN Manager Information Disclosure Vulnerability

CERT-Bund issued a security advisory (WID-SEC-2026-0951) regarding a high-severity vulnerability (CVSS 8.0) in Cisco Evolved Programmable Network Manager versions prior to 8.1.2. The vulnerability allows authenticated remote attackers to exploit an information disclosure flaw. Organizations using affected versions should apply available mitigations.

Drupal SAML SSO Security Bypass Vulnerability Advisory

CERT-Bund issued a security advisory regarding a vulnerability in Drupal SAML SSO module versions prior to 3.1.4. The flaw allows remote attackers to bypass security measures. The vulnerability has a CVSS Base Score of 7.4 (high) and Temporal Score of 6.4 (medium). Organizations using the affected module should apply available mitigations.

WatchGuard Firebox Remote Code Execution Vulnerability

CERT-Bund published security advisory WID-SEC-2026-0952 reporting a high-severity vulnerability (CVSS 7.2) in WatchGuard Firebox and Unified Threat Management products. An authenticated remote attacker can exploit this flaw to execute arbitrary code on affected systems. Versions prior to 2026.2 and 12.12 are vulnerable.

Cisco IMC Critical Vulnerabilities - Remote Code Execution and Privilege Escalation

CERT-Bund issued a critical security advisory (WID-SEC-2026-0953) disclosing multiple vulnerabilities in Cisco Integrated Management Controller (IMC) affecting UCS C-Series, E-Series, and S-Series servers. The vulnerabilities carry a CVSS Base Score of 9.8, enabling remote unauthenticated attackers to gain administrator privileges, execute arbitrary code with root privileges, and conduct cross-site-scripting attacks. Organizations using affected Cisco products should apply patches immediately.

Cisco Nexus Vulnerabilities Allow File Manipulation, Data Disclosure

CERT-Bund released security advisory WID-SEC-2026-0955 identifying multiple vulnerabilities in Cisco Nexus Dashboard (<4.2) and Cisco Nexus Dashboard Insights. The vulnerabilities have a CVSS Base Score of 6.5 (Medium) and enable remote attackers to manipulate files or disclose confidential information. Mitigation measures are available.

IGEL UMS Vulnerability Allows Remote Information Disclosure

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 8.6) in IGEL Universal Management Suite (UMS). The vulnerability allows remote, anonymous attackers to disclose sensitive information. Affected versions are those prior to version 12.11.100 running on Linux and UNIX systems. Organizations using IGEL UMS should apply available mitigations or update to a patched version.

Schneider Electric SCADAPack RemoteConnect Arbitrary Code Execution Vulnerability

CISA published an advisory regarding CVE-2026-0667, a critical (CVSS 9.8) vulnerability in Schneider Electric SCADAPack 47xi/47x/57x RTUs and RemoteConnect. The vulnerability (CWE-754) in the Modbus TCP protocol could allow remote unauthenticated attackers to execute arbitrary code, cause denial of service, and compromise confidentiality and integrity. Schneider Electric has released version R3.4.2 (Firmware 9.12.2) to remediate this issue.