679 changes Data Privacy & Cybersecurity

SAP Patch Day April 2026: 13 Critical Vulnerabilities, CVSS 9.9

CERT-Bund published security advisory WID-SEC-2026-1078 disclosing 13 critical vulnerabilities in SAP software affecting multiple operating systems (Linux, UNIX, Windows, and others). The vulnerabilities have a CVSS Base Score of 9.9 (critical) and a Temporal Score of 8.6 (high), with remote attack capability confirmed. Attackers can exploit these flaws to conduct SQL injection, gain elevated privileges, execute arbitrary code, bypass security controls, perform cross-site scripting, manipulate data, or disclose confidential information.

Urgent Guidance Cybersecurity
XWiki Multiple Vulnerabilities - DoS and XSS Attacks (WID-SEC-2026-1089)

CERT-Bund issued security advisory WID-SEC-2026-1089 identifying critical vulnerabilities (CVSS Base Score 9.6) in XWiki open-source wiki software. Affected versions include those prior to 16.10.16, 17.4.8, and 17.10.1. An attacker can exploit these vulnerabilities to conduct denial of service attacks and cross-site scripting (XSS) attacks. Mitigations are available.

Priority review Guidance Cybersecurity
CVE-2023-21529: Microsoft Exchange Server RCE Vulnerability Added to Known Exploited Vulnerabilities Catalog

CISA added CVE-2023-21529, a Microsoft Exchange Server remote code execution vulnerability, to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability carries a CVSS 3.1 score of 8.8 (HIGH) and is attributed to CWE-502 (Deserialization of Untrusted Data). Exploitation is assessed as 'active', with total technical impact, and is not automatable. Affected versions span Exchange Server 2016 and 2019 across multiple build ranges. Federal agencies are subject to BOD 22-01 remediation requirements for KEV catalog entries.

Priority review Notice Cybersecurity
CVE-2012-1854: VBA Insecure Library Loading Vulnerability

CISA has cataloged CVE-2012-1854, an untrusted search path vulnerability in VBE6.dll affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, and 2010 Gold/SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK. The vulnerability allows local users to gain privileges via a Trojan horse DLL in the current working directory. CISA confirms this vulnerability was exploited in the wild in July 2012. CVSS 3.1 score is 7.8 (HIGH) with exploitation status marked as 'active' in the KEV catalog.

Priority review Notice Cybersecurity
Adobe Acrobat Code Execution Vulnerability, CVSS 8.6

CISA added CVE-2026-34621 to its Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026. The vulnerability affects Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier, with a CVSS score of 8.6. Successful exploitation allows arbitrary code execution via a malicious PDF file through prototype pollution. Federal agencies are subject to Binding Operational Directive 22-01 remediation timelines.

Priority review Notice Cybersecurity
CVE-2026-21643: FortiClientEMS SQL Injection Vulnerability

CISA has added CVE-2026-21643 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a SQL injection flaw in Fortinet FortiClientEMS 7.4.4 allowing unauthenticated remote code execution via crafted HTTP requests. Exploitation is confirmed as active and automatable, with total technical impact. CVSS score is 9.1 (CRITICAL). Federal agencies are subject to remediation requirements under Binding Operational Directive 22-01.

Priority review Notice Cybersecurity
Microsoft Windows Host Process for Windows Tasks Privilege Escalation Vulnerability CVE-2025-60710

CISA added CVE-2025-60710 to the Known Exploited Vulnerabilities catalog on 2026-04-13. The vulnerability is an improper link resolution flaw in Host Process for Windows Tasks enabling local privilege escalation. CVSS 3.1 score is 7.8 (HIGH). Exploitation is active but not automatable per SSVC v2.0.3.

Priority review Notice Cybersecurity
Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2023-36424

CISA has added CVE-2023-36424 to its Known Exploited Vulnerabilities catalog. The vulnerability is a Windows Common Log File System Driver elevation of privilege flaw with a CVSS 3.1 score of 7.8 (HIGH). It affects numerous Windows versions including Windows 10, 11, Server 2019-2022, and legacy systems. CISA has determined this vulnerability has been actively exploited in the wild, triggering remediation requirements for federal agencies under Binding Operational Directive 22-01.

Priority review Notice Cybersecurity
Adobe Acrobat Use-After-Free Vulnerability CVE-2020-9715

CISA added CVE-2020-9715 to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a use-after-free flaw in Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. Successful exploitation could lead to arbitrary code execution. The SSVC assessment rates exploitation as 'active' with total technical impact.

Priority review Notice Cybersecurity
Source: wid.cert-bund.de

Red Hat Enterprise Linux Multiple Vulnerabilities, Remote Attack

Routine Notice
