WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure

CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.

Drupal Automated Logout Extension Vulnerability Allows File Manipulation

CERT-Bund has issued a security advisory regarding a vulnerability in Drupal's Automated Logout Extension. The vulnerability allows remote, anonymous attackers to manipulate files. Affected versions include Open Source Drupal Automated Logout <1.7.0 and <2.0.2.

Samba Vulnerability Allows Information Disclosure

CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.

Jenkins Vulnerabilities Allow Code Execution and Info Disclosure

CERT-Bund has issued a security advisory for Jenkins, detailing multiple vulnerabilities with a high CVSS base score. These vulnerabilities allow attackers to execute arbitrary code, bypass security measures, and disclose confidential information. Affected versions include Jenkins weekly <2.555 and Jenkins LTS <2.541.3.

Dell Secure Connect Gateway Policy Manager Critical Vulnerabilities

CERT-Bund has issued a security advisory for Dell Secure Connect Gateway Policy Manager, detailing critical vulnerabilities (CVSS Base Score 9.8) that could allow remote attacks. The advisory affects versions prior to 5.34.00.14 and recommends mitigation.

Xpdf Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a denial-of-service vulnerability in the Xpdf PDF viewer. The vulnerability affects versions of Xpdf on Linux, UNIX, and Windows systems. The advisory provides information on the vulnerability and mitigation, noting a CVSS base score of 2.9.

Hartland and Hollandale Fined for Wastewater Permit Violations

The cities of Hartland and Hollandale have been fined a total of $24,169 by the Minnesota Pollution Control Agency (MPCA) for municipal wastewater permit violations. Violations included submitting false data, missing data, and late reports, leading to the revocation of their wastewater operator's certification. Both cities must also agree to cease falsifying data and implement plans for timely sampling and reporting.

Big Lake Estates Fined for Wastewater Violations

The Minnesota Pollution Control Agency (MPCA) fined Big Lake SADO, LLC, operator of Big Lake Estates mobile home park, $24,150 for unauthorized wastewater releases and failure to notify authorities. The company has agreed to corrective actions to prevent future violations.

Ardent Mills fined $10,200 for air permit violations

The Minnesota Pollution Control Agency (MPCA) has fined Ardent Mills LLC $10,200 for violations of its air permit at its Lake City facility. Performance tests revealed emissions of PM 2.5 and PM 10 exceeded permitted limits. The company has since corrected the issue and returned to compliance.

Monticello Mobile Home Park Fined for Wastewater Violations

The Minnesota Pollution Control Agency (MPCA) has fined The Meadows Mobile Home Park $13,957 for discharging untreated sewage and failing to complete corrective actions within the mandated 30-day period. The park took 134 days to submit a maintenance plan and complete routine cleaning after the violations.