Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.

IBM QRadar SIEM Critical Vulnerabilities

CERT-Bund has issued a security advisory regarding critical vulnerabilities in IBM QRadar SIEM, versions prior to 7.5.0 UP15. These vulnerabilities, with a CVSS Base Score of 9.8, allow for remote code execution, information disclosure, denial of service, and file manipulation.

WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure

CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.

Drupal Automated Logout Extension Vulnerability Allows File Manipulation

CERT-Bund has issued a security advisory regarding a vulnerability in Drupal's Automated Logout Extension. The vulnerability allows remote, anonymous attackers to manipulate files. Affected versions include Open Source Drupal Automated Logout <1.7.0 and <2.0.2.

Samba Vulnerability Allows Information Disclosure

CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.

Jenkins Vulnerabilities Allow Code Execution and Info Disclosure

CERT-Bund has issued a security advisory for Jenkins, detailing multiple vulnerabilities with a high CVSS base score. These vulnerabilities allow attackers to execute arbitrary code, bypass security measures, and disclose confidential information. Affected versions include Jenkins weekly <2.555 and Jenkins LTS <2.541.3.

Dell Secure Connect Gateway Policy Manager Critical Vulnerabilities

CERT-Bund has issued a security advisory for Dell Secure Connect Gateway Policy Manager, detailing critical vulnerabilities (CVSS Base Score 9.8) that could allow remote attacks. The advisory affects versions prior to 5.34.00.14 and recommends mitigation.

Xpdf Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a denial-of-service vulnerability in the Xpdf PDF viewer. The vulnerability affects versions of Xpdf on Linux, UNIX, and Windows systems. The advisory provides information on the vulnerability and mitigation, noting a CVSS base score of 2.9.

Hartland and Hollandale Fined for Wastewater Permit Violations

The cities of Hartland and Hollandale have been fined a total of $24,169 by the Minnesota Pollution Control Agency (MPCA) for municipal wastewater permit violations. Violations included submitting false data, missing data, and late reports, leading to the revocation of their wastewater operator's certification. Both cities must also agree to cease falsifying data and implement plans for timely sampling and reporting.

Big Lake Estates Fined for Wastewater Violations

The Minnesota Pollution Control Agency (MPCA) fined Big Lake SADO, LLC, operator of Big Lake Estates mobile home park, $24,150 for unauthorized wastewater releases and failure to notify authorities. The company has agreed to corrective actions to prevent future violations.