685 changes Data Privacy & Cybersecurity
Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr
GitLab CE/EE Multiple Vulnerabilities CVSS 8.5 Allow Information Disclosure and Data Manipulation
CERT-Bund issued security advisory WID-SEC-2026-1010 identifying multiple vulnerabilities in GitLab CE/EE versions below 18.9.5, 18.10.3, and 18.8.9. The vulnerabilities carry a CVSS Base Score of 8.5 (high) and a CVSS Temporal Score of 7.4 (high), with remote attack capability confirmed. An attacker could exploit these flaws to disclose information, manipulate data, bypass security measures, cause denial-of-service conditions, or execute cross-site scripting attacks.
UFP Technologies Cybersecurity Incident Disclosure
UFP Technologies filed a Form 8-K with the SEC disclosing a cybersecurity incident pursuant to Regulation S-K Item 1.05. The disclosure notifies investors of a material cybersecurity event that has occurred at the company. As a public company, UFP Technologies is subject to SEC cybersecurity disclosure requirements that mandate timely reporting of material cybersecurity incidents.
IBM Tivoli Network Manager Critical Vulnerabilities CVSS 9.8
CERT-Bund disclosed multiple critical vulnerabilities in IBM Tivoli Network Manager IP Edition below version 4.2.0.24 affecting Linux, UNIX, and Windows platforms. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to execute arbitrary code, conduct denial of service attacks, disclose information, and bypass security mechanisms. Mitigation measures are available.
Kibana Multiple Vulnerabilities, CVSS 7.7, Info Disclosure DoS
libTIFF Vulnerability Enables Code Execution and Denial of Service
CERT-Bund issued security advisory WID-SEC-2026-1031 regarding a vulnerability in libTIFF, an open-source software library for processing Tag Image File Format (TIFF) images. The vulnerability carries a CVSS Base Score of 7.8 (high) and a Temporal Score of 6.8 (medium). A remote anonymous attacker could exploit this flaw to execute arbitrary code or cause a denial-of-service condition. Affected platforms include Linux, UNIX, Windows, Debian Linux, and Open Source libTIFF. Remote attack capability is not present. Mitigation measures are available.
Multiple Critical Vulnerabilities in MISP Threat Intelligence Platform
CERT-Bund issued security advisory WID-SEC-2026-1045 warning of multiple critical vulnerabilities in Open Source MISP (threat intelligence sharing platform) versions prior to 2.5.36. The vulnerabilities carry a CVSS Base Score of 9.6 (critical) and a Temporal Score of 8.3 (high). Remote attackers can exploit these flaws to bypass security measures, conduct cross-site scripting attacks, and cause unspecified impacts.
OPNsense Firewall Vulnerability Allows Remote Information Disclosure (CVSS 8.2)
CERT-Bund has issued a security advisory (WID-SEC-2026-1044) regarding a vulnerability in OPNsense, an open-source firewall distribution based on FreeBSD. The vulnerability, with a CVSS Base Score of 8.2 (high), allows remote, anonymous attackers to disclose sensitive information. Affected versions include OPNsense prior to version 26.1.6. A mitigation measure is available as of April 10, 2026.
MediaWiki Extensions XSS Vulnerability, CVSS 8.3
CERT-Bund issued security advisory WID-SEC-2026-1043 warning of multiple cross-site scripting (XSS) vulnerabilities in MediaWiki extensions. Affected versions include MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2, along with 8 extensions including WikiLove, ProofreadPage, Cargo, ReportIncident, GrowthExperiments, CampaignEvents, Score, and CentralAuth. The vulnerabilities have a CVSS Base Score of 8.3 (high) and a Temporal Score of 7.2 (high). Remote attack is possible.
Apache Airflow Critical Flaws, CVSS 9.1, Security Bypass