679 changes Data Privacy & Cybersecurity
CVE-2009-0238: Microsoft Excel Remote Code Execution Vulnerability
CISA added CVE-2009-0238 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects Microsoft Office Excel versions 2000 SP3 through 2007 SP1, Excel Viewer 2003, Compatibility Pack for Office 2007 formats, and Excel for Mac 2004 and 2008. The vulnerability allows remote code execution via crafted Excel documents and was actively exploited in February 2009 by Trojan.Mdropper.AC. CISA's SSVC assessment rates exploitation as active with total technical impact.
Microsoft SharePoint Spoofing Vulnerability, CVSS 6.5 Medium
CISA added CVE-2026-32201 to the Known Exploited Vulnerabilities catalog on April 14, 2026. The vulnerability is an improper input validation flaw in Microsoft Office SharePoint (versions prior to 16.0.5548.1003, 16.0.10417.20114, and 16.0.19725.20210) that allows unauthorized attackers to perform spoofing over a network. SSVC analysis rates exploitation as 'active' and 'automatable' with partial technical impact. A vendor patch is available via Microsoft Update Guide.
Microsoft April 2026 Patches Address Multiple Vulnerabilities
CSA Singapore issued an alert on 15 April 2026 announcing that Microsoft has released security patches addressing multiple vulnerabilities across its software products. The alert lists 11 vulnerabilities with CVSS base scores ranging from 7.5 to 9.8, including critical remote code execution vulnerabilities affecting Windows IKE extensions, the Go compiler, SWIG, Remote Desktop Client, Microsoft Office, TCP/IP, and Active Directory. CSA recommends that organizations apply the patches immediately.
QEMU Vulnerability, CVSS 7.8, Allows Disclosure, DoS
CPython Multiple Vulnerabilities Allow Security Bypass and Data Manipulation
CERT-Bund issued security advisory WID-SEC-2026-1087 disclosing multiple vulnerabilities in CPython versions prior to 3.15.0. The vulnerabilities carry a CVSS Base Score of 7.4 (high) and enable remote attackers to bypass security mechanisms and manipulate data. Affected platforms include Linux, UNIX, Windows, and Fedora Linux.
BigBlueButton Multiple Vulnerabilities Allow Data Manipulation and Redirect Attacks
CERT-Bund published security advisory WID-SEC-2026-1084 identifying multiple vulnerabilities in BigBlueButton open-source web conferencing system versions prior to 3.0.24. The vulnerabilities carry a CVSS Base Score of 6.5 (medium) and Temporal Score of 5.7 (medium). Remote attackers can exploit these flaws to manipulate data and redirect users to attacker-controlled domains. Organizations running affected BigBlueButton installations should apply mitigations.
Kubernetes CSI Driver SMB File Manipulation Vulnerability CVE CVSS 6.5
CERT-Bund issued a security advisory regarding a vulnerability in Open Source Kubernetes CSI Driver for SMB versions prior to 1.20.1. The flaw, with a CVSS Base Score of 6.5 (medium), allows a remote authenticated attacker to manipulate files. Organizations running affected Kubernetes deployments on Linux and UNIX systems should apply mitigations or update to version 1.20.1 or later.
ABB 800xA CI868 and Symphony Melody PM877 Denial of Service Vulnerability
CERT-Bund issued a security advisory regarding a denial of service vulnerability in ABB industrial control systems 800xA and Symphony Melody. The vulnerability (CVSS Base Score 6.5) affects the CI868 module for AC800M and PM877 for Symphony Melody Plus MR when specific version thresholds are met. An attacker from an adjacent network could exploit this vulnerability to cause service disruption. Mitigation measures are available from ABB.
GNU tar Vulnerability Allows Security Bypass - CVSS 5.0 Medium
CERT-Bund issued security advisory WID-SEC-2026-1057 regarding a vulnerability in GNU tar that allows a local attacker to bypass security measures. The vulnerability carries a CVSS Base Score of 5.0 (medium) and Temporal Score of 4.6 (medium). Remote attack is not possible. Affected systems include Linux, UNIX, and Windows operating systems.
Siemens Industrial Edge Management Security Bypass Vulnerability
CERT-Bund issued a security advisory warning of a vulnerability in Siemens Industrial Edge Management (CVSS Base Score 4.7/medium) that allows a remote, anonymous attacker to bypass security measures. Affected versions include Siemens Industrial Edge Management Pro prior to 1.15.17 and 2.1.1, and Virtual prior to 2.8.0. Organizations using these products should review mitigations.