692 changes Data Privacy & Cybersecurity
Drupal Automated Logout Extension Vulnerability Allows File Manipulation
CERT-Bund has issued a security advisory regarding a vulnerability in Drupal's Automated Logout Extension. The vulnerability allows remote, anonymous attackers to manipulate files. Affected versions include Open Source Drupal Automated Logout <1.7.0 and <2.0.2.
WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure
CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.
Samba Vulnerability Allows Information Disclosure
CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.
Jenkins Vulnerabilities Allow Code Execution and Info Disclosure
CERT-Bund has issued a security advisory for Jenkins, detailing multiple vulnerabilities with a high CVSS base score. These vulnerabilities allow attackers to execute arbitrary code, bypass security measures, and disclose confidential information. Affected versions include Jenkins weekly <2.555 and Jenkins LTS <2.541.3.
Xpdf Vulnerability Allows Denial of Service
CERT-Bund has issued a security advisory regarding a denial-of-service vulnerability in the Xpdf PDF viewer. The vulnerability affects versions of Xpdf on Linux, UNIX, and Windows systems. The advisory provides information on the vulnerability and mitigation, noting a CVSS base score of 2.9.
Python Path Traversal Vulnerability Disclosed
CERT-Bund has disclosed a path traversal vulnerability in Python versions prior to 3.15.0. The vulnerability has a CVSS base score of 4.0 and can be exploited by local attackers. Mitigation is available.
SuiteCRM Vulnerabilities Allow Code Execution, Data Manipulation, SSRF, DoS
CERT-Bund has issued a security advisory for SuiteCRM, detailing multiple vulnerabilities that could allow attackers to execute arbitrary code, manipulate data, perform SSRF attacks, or cause denial-of-service conditions. The advisory affects versions prior to 7.15.1 and 8.9.3, with a CVSS base score of 8.8.
IBM QRadar SIEM Critical Vulnerabilities
CERT-Bund has issued a security advisory regarding critical vulnerabilities in IBM QRadar SIEM, versions prior to 7.5.0 UP15. These vulnerabilities, with a CVSS Base Score of 9.8, allow for remote code execution, information disclosure, denial of service, and file manipulation.
Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation
CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.
libarchive Vulnerability Allows Denial-of-Service
CERT-Bund has issued a security advisory regarding a vulnerability in the libarchive library, which allows for denial-of-service attacks. The vulnerability affects various operating systems including Linux, UNIX, and Windows, and specific versions of Red Hat Enterprise Linux. Mitigation measures are available.