Revised Enforcement Decree of Microfinance Support Act

The Financial Services Commission of Korea approved revisions to the Enforcement Decree of the Microfinance Support Act on April 6, 2026. The revision raises the common microfinance contribution rate for banks from 0.06% to 0.10% and for nonbanks from 0.03% to 0.045% of household loan sizes, generating an additional KRW 197.3 billion annually (KRW 134.5 billion from banks, KRW 62.8 billion from nonbanks). The Korea Inclusive Finance Agency will also be authorized to provide credit guarantees for microloans under the Credit Counseling and Recovery Service program.

IBM Maximo Asset Management DoS Vulnerability - CVSS 5.3

CERT-Bund published security advisory WID-SEC-2026-0965 disclosing a Denial of Service vulnerability in IBM Maximo Asset Management versions prior to 7.6.1.3 IF037. The vulnerability carries a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6. Remote anonymous attackers can exploit this flaw to conduct DoS attacks against affected installations running on Linux, UNIX, or Windows systems.

Keycloak Information Disclosure Vulnerability (CVSS 3.7)

CERT-Bund issued a security advisory (WID-SEC-2026-0970) reporting an information disclosure vulnerability in Keycloak, an open-source identity and access management platform. The vulnerability carries a CVSS Base Score of 3.7 (low severity) and allows remote anonymous attackers to potentially expose sensitive information. Affected systems include Keycloak deployments running on Linux and UNIX operating systems.

Avahi DoS Vulnerability Advisory - CVSS 5.5 Medium Severity

CERT-Bund issued advisory WID-SEC-2026-0975 regarding a denial of service vulnerability in Avahi, an open-source network service discovery implementation for Linux/UNIX systems. The vulnerability (CVSS Base Score 5.5, Temporal Score 5.0) allows a local attacker to crash the Avahi service, impacting system availability. Affected products include Open Source avahi versions prior to 0.9-rc4. Organizations running vulnerable Avahi installations should apply patches immediately.

Red Hat Enterprise Linux crun Privilege Escalation Vulnerability, CVSS 7.8

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 7.8) in Red Hat Enterprise Linux's crun container runtime. The flaw allows local attackers to escalate privileges on affected systems. Versions prior to RHEL 9 and RHEL 10 are affected. System administrators should apply available mitigations or updates immediately.

Google Android Multiple Vulnerabilities CVSS 7.3

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Google Android with a CVSS Base Score of 7.3 (high severity) and Temporal Score of 6.4 (medium). The vulnerabilities affect Android devices with security patch levels prior to April 1, 2026 and April 5, 2026. Remote attackers can exploit these flaws to conduct unspecified attacks and denial of service attacks against affected devices.

CUPS Vulnerability Allows Code Execution with Administrator Rights

CERT-Bund issued a security advisory regarding a vulnerability in CUPS (Common Unix Printing System) that allows local attackers to execute arbitrary code with administrator privileges. The vulnerability has a CVSS Base Score of 5.2 (medium) and affects multiple operating systems including Linux, UNIX, and Windows. Organizations using CUPS should assess their exposure and apply available patches or workarounds.

Samsung Android Multiple Critical Vulnerabilities CVSS 9.8

CERT-Bund issued a critical security advisory regarding multiple vulnerabilities in Samsung Android OS versions prior to SMR-APR-2026. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to escalate privileges, bypass security measures, disclose information, and manipulate files. Organizations and consumers using affected Samsung Android devices face immediate risk of exploitation.

RHEL fontforge Remote Code Execution Vulnerability - CVSS 8.8

CERT-Bund issued a security advisory regarding a critical vulnerability (CVSS 8.8) in Red Hat Enterprise Linux's fontforge component affecting versions prior to RHEL 10, RHEL 9, and RHEL Extended Update Support 9.6. The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on affected systems. Organizations running affected RHEL distributions should apply available mitigations or patches immediately.

FasterXML Jackson Vulnerability - Security Bypass (CVSS 7.5)

CERT-Bund issued a security advisory regarding a vulnerability in FasterXML Jackson versions 3.0.0 through 3.1.0. The vulnerability, with a CVSS Base Score of 7.5, allows remote anonymous attackers to bypass security measures in the JSON processing library. Affected platforms include Linux, Windows, UNIX, and other operating systems running Java applications that utilize the library.