685 changes Data Privacy & Cybersecurity
Multiple Microsoft Edge Security Vulnerabilities Affecting Bypass and Remote Code Execution
ANSSI/CERT-FR published advisory CERTFR-2026-AVI-0427 warning of 86+ vulnerabilities in Microsoft Edge (CVE-2026-33118 through CVE-2026-5905 and beyond). Source bulletins were released by Microsoft on April 10, 2026. Vulnerabilities include security bypass and remote code execution risks affecting all organizations and users of Microsoft Edge browser.
Foxit PDF Services API SSRF Vulnerability Advisory
CERT-FR published a security advisory alerting organizations to a Server-Side Request Forgery (SSRF) vulnerability in Foxit PDF Services API. The vulnerability, tracked as CVE-2026-5936 and disclosed by Foxit on April 7, 2026, could allow attackers to perform SSRF attacks. Affected organizations should apply the vendor's latest security patch.
Critical Adobe Acrobat Vulnerability CVE-2026-34621 Actively Exploited
CERT-FR issued advisory CERTFR-2026-AVI-0429 warning of a critical vulnerability in Adobe Acrobat (CVE-2026-34621) that allows arbitrary code execution. The vulnerability affects Acrobat 2024, Acrobat DC, and Acrobat Reader DC on Windows and macOS. Adobe has confirmed the vulnerability is being actively exploited in the wild. Users are advised to apply vendor patches immediately.
Multiple Vulnerabilities in Microsoft Products - 13 CVEs
CERT-FR issued advisory CERTFR-2026-AVI-0428 notifying of 13 vulnerabilities (CVE-2026-35385, CVE-2026-35386, CVE-2026-35388, CVE-2026-35535, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-39881, CVE-2026-40024, CVE-2026-40025, CVE-2026-40026) affecting Microsoft products. Affected systems include azl3 openssh, openssl, sleuthkit, sudo, and vim packages. Risk level not specified by the vendor.
Multiple Security Vulnerabilities in Python Allow Security Bypass
CERT-FR issued advisory CERTFR-2026-AVI-0426 on April 13, 2026, alerting that multiple vulnerabilities were discovered in Python (CPython). These vulnerabilities allow attackers to cause security policy bypass and unspecified security issues. Affected systems are CPython installations without the latest security patches. Two CVEs are referenced: CVE-2026-1502 and CVE-2026-3446.
Critical Adobe Acrobat Vulnerability, Update Now
The Cyber Security Agency of Singapore issued an advisory on 13 April 2026 warning of active exploitation of a critical prototype pollution vulnerability (CVE-2026-34621) in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could allow unauthenticated attackers to perform arbitrary code execution. Users and administrators of affected products on continuous and classic tracks are advised to update to the latest versions immediately.
Critical Vulnerability in Apache ActiveMQ Classic
The Cyber Security Agency of Singapore issued an urgent advisory alerting users to a critical code injection vulnerability (CVE-2026-34197) in Apache ActiveMQ Classic. The flaw affects versions 5.x prior to 5.19.4 and versions 6.0.0 through 6.2.2. Successful exploitation could allow authenticated attackers to perform arbitrary code execution, with unauthenticated exploitation possible on versions 6.0.0 through 6.1.1 when chained with CVE-2024-32114, potentially resulting in full system compromise.
Multiple Vulnerabilities in SonicWall SMA1000 Series
The Cyber Security Agency of Singapore has issued an alert advising users to immediately update SonicWall SMA1000 series appliances due to four critical vulnerabilities (CVE-2026-4112, CVE-2026-4113, CVE-2026-4114, CVE-2026-4116). These flaws allow remote authenticated attackers to escalate privileges, enumerate SSL VPN credentials, and bypass TOTP authentication. Affected versions are prior to 12.4.3-03245 and 12.5.0-02283.
Apache Tomcat and Tomcat Native Multiple Vulnerabilities, CVSS 7.3
CERT-Bund issued security advisory WID-SEC-2026-1038 identifying multiple vulnerabilities in Apache Tomcat and Tomcat Native with a CVSS Base Score of 7.3 (high). Affected versions include Apache Tomcat <9.0.117, <10.1.54, <11.0.21, and Tomcat Native <1.3.7, <2.0.14. An attacker can exploit these flaws to bypass security measures, manipulate data, disclose confidential information, and conduct open-redirect attacks.
Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr