CBU and IMF Expert Discuss Research Capacity Building

The Central Bank of the Republic of Uzbekistan held a discussion with Marko Skreb, former Governor of the Croatian National Bank and IMF consultant, focused on strengthening the CBU's analytical function and building institutional research capacity over the medium term. The strategy addresses systematizing research processes, enhancing the research environment, developing modern analytical and modelling tools, and integrating research findings more effectively into policy discussions. A series of lectures, presentations, and working sessions with Research Department staff are being conducted to further strengthen analytical capacity and promote knowledge exchange.

Monetary Policy Seminar at Banking and Finance Academy, 16 April 2026

The Central Bank of Uzbekistan held a monetary policy seminar at the Banking and Finance Academy on 16 April 2026, covering the inflation targeting regime, the policy rate as the central monetary instrument, and the transmission mechanism through the banking system. The presentation explained how changes in the policy rate affect lending and deposit rates, business decisions, investment, and household financial behavior with time lags. The seminar emphasized transparency and clear communication as key principles of the inflation targeting framework.

Nevada Unemployment 5.3% Feb 2026, Las Vegas 5.8%

Nevada's seasonally adjusted unemployment rate held steady at 5.3 percent in February 2026, unchanged from January and down 0.1 percentage point from 5.4 percent in February 2025. The Las Vegas-Henderson-North Las Vegas MSA registered 5.8 percent, Reno-Sparks MSA 4.6 percent, and Carson City MSA 4.5 percent, all not seasonally adjusted. County rates ranged from 3.8 percent in Humboldt County (lowest) to 10.8 percent in Mineral County (highest), with 9 of Nevada's 17 counties recording month-over-month decreases. The state labor force comprised 1,698,029 people, up 40,539 from February 2025.

Nevada Leads Nation Adding 30,200 Jobs, 1.9% Growth

Nevada added 30,200 jobs (1.9% growth) from January 2025 to January 2026, reaching over 1.6 million total jobs for the first time on record. DETR's Research & Analysis Bureau conducted its annual analysis of employer quarterly data submitted through the unemployment insurance program, finding that total employment was higher and growing faster than initially reported through the end of 2025. Nevada now ranks first in the nation for job growth, with significant gains in construction, health care, business services, and education.

Governor Mike Kehoe to Sign HB 2061, HB 2423, HB 2641, HB 2934 into Law, April 23, 2026

Governor Mike Kehoe will sign House Bills 2061, 2423, 2641, and 2934 into law on Thursday, April 23, 2026 at 2:30 p.m. in the Governor's Office (Room 216) at the Missouri State Capitol in Jefferson City. The bill signing ceremony is open to members of the media and invited guests only; the event will be livestreamed on Governor Kehoe's Facebook and X pages.

DSH Department Letters on IST, Diversion, and CONREP Programs

CA DSH publishes a collection of departmental letters providing operational guidance to stakeholders on three forensic mental health programs: Incompetent to Stand Trial (IST), Conditional Release Program (CONREP), and Diversion. The collection includes letters dating from 2019 to 2025, with Letter 25-001 covering a new process for IST out-of-custody individuals, Letter 25-002 superseding prior diversion funding guidance, and Letter 23-003 superseding the IST Growth Cap methodology. Letters 22-001, 22-002, 23-002, and 24-003 are explicitly noted as superseded by subsequent letters. The page also includes growth cap methodology attachments, dispute processes, and rate/tier information.

DSH Regulations Governed by California Statutes

The California Department of State Hospitals publishes an index of its regulatory actions governed by California statutes, including one proposed regulation (State Hospital Visitation Process under regular rulemaking) and 21 completed regulations spanning 2016–2025. Completed regulations cover areas including patient property, contraband, enhanced treatment programs, sexually violent predator assessments, court evaluator appointments, and end-of-life options, with effective dates ranging from April 2016 to December 2025. Comments on proposed regulations may be submitted via email or U.S. Mail to the Regulations and Policy Unit.

CA DSH Patient Demographics and Forensic vs Civil Commitment Population Data Published

The California Department of State Hospitals published access to two datasets via the California Health and Human Services Agency Open Data Portal: patient demographics broken down by age groups from Fiscal Years 2010 to 2018, and forensic versus civil commitment population counts. The page also links to annual reports (2016–2018), hospital violence reports spanning 2010–2020, quarterly seclusion and restraint data, and State Leadership Accountability Act reports.

UK House Price Index February 2026 Shows 0.1% Monthly Rise Average £268,000

The UK House Price Index for February 2026 shows house prices rose 0.1% since January 2026, with an annual price rise of 1.2% bringing the average UK property value to £268,000. England saw a 0.2% monthly increase (£290,000 average), Wales rose 0.3% (£210,000 average), while London experienced the steepest monthly fall at -1.9% (£542,000 average).

UK House Price Index February 2026 Data Downloads

HM Land Registry published the UK House Price Index data for February 2026, making aggregated datasets available as CSV downloads including full HPI files, average prices by property type, sales volumes, cash mortgage sales, first-time buyer data, new build statistics, index figures, seasonally adjusted data, and repossessions data. Revisions tables for the previous 12 months are also provided for UK, England, Wales, Scotland, and Northern Ireland.

UK House Price Index February 2026

HM Land Registry published the monthly UK House Price Index for February 2026 on 22 April 2026. The release provides accredited official statistics covering headline statistics, price changes, sales volumes, property status, buyer status, funding status, and repossession volumes for England, Scotland, and Wales. Separate reports are available for Northern Ireland via the Northern Ireland Statistics and Research Agency.

UK Government Explores Private Investment to Drive Defence as Engine for Growth

The Defence Secretary and Chancellor met with leaders from UK banking, venture capital and strategic finance at the Defence Investors' Advisory Group (DIAG) to explore how private investment could accelerate defence readiness and drive economic growth. The Government announced a Ministry of Defence-led sprint, expanded DIAG to permanent footing, and launched a new Defence Finance Zig-Zag secondment programme embedding private sector expertise in Government. A £20 million bespoke fund will offer accelerated contracts to small British defence startups with limited or no prior MOD business, as the search for the UK's next defence unicorn begins. Defence spending will reach 2.6% of GDP from 2027, backed by the largest sustained increase since the Cold War.

SFDA Warns Unauthorized Hajj Food Activities, SAR 10M Penalties

The Saudi Food and Drug Authority (SFDA) has issued a reinforced warning prohibiting the manufacture or storage of food products without required licenses during the Hajj season, with violators subject to fines of up to SAR 10 million, imprisonment for up to 10 years, prohibition from food-related activities for up to 180 days, and license cancellation or suspension for up to one year. The Authority states it will maintain a zero-tolerance policy toward violations of Food Law provisions. All food factories and warehouses must adhere to regulatory requirements, and closed facilities may not be reopened without formal SFDA approval. Community members are encouraged to report violations via the unified number 19999.

Antibiotics and MenB Vaccination Offered to 6,500 Young People in Dorset

UKHSA confirmed 3 cases of invasive meningococcal disease (MenB) in young people in Weymouth, Dorset between 20 March and 15 April 2026. As a precautionary measure, antibiotics and MenB vaccination are being offered to approximately 6,500 young people in years 7-13 (or equivalent) who live or study in Weymouth, Portland and Chickerell. UKHSA is working with Dorset Council, NHS and local partners to deliver the rollout, with Budmouth Academy and Wey Valley Academy among the first schools to receive the offer.

Chancellor Rallies Retail Banks Behind Her Economic Plan

Chancellor Rachel Reeves met on 22 April 2026 with CEOs of Barclays UK, Lloyds Banking Group, Santander UK, NatWest Group, Nationwide Building Society, and HSBC UK to discuss the government's economic plan. The meeting, held during Fintech Week 2026, addressed global uncertainty following the Middle East conflict and highlighted the financial services sector's role in managing risk and supporting households. Ministers also discussed the Financial Services Growth and Competitiveness Strategy, including Targeted Support for retail investment, skills reforms, and major pensions reform via the Pensions Bill.

Company and Director Fined £20k, Must Clear Sheffield Waste Site by 18 May

Concept Investments Limited and director Austin Fitzgerald, 65, were sentenced at South Yorkshire Magistrates' Court on 15 April 2026 for allowing an illegal waste site to operate without an environmental permit at the Former Stanley Works, Rutland Road, Sheffield. The company was fined £8,000 plus £2,000 victim surcharge and £5,442 costs, while Fitzgerald received a 12-month community order with 140 hours unpaid work, £5,442 costs, and £114 victim surcharge. Both must clear the site by 18 May or face further court action. Another individual charged in relation to the same site has pleaded not guilty with a trial listed for 11 February 2027.

David E. Brown Appointed Director of Virginia Department of Health Professions

Governor Abigail Spanberger appointed David E. Brown, D.C. as Director of the Virginia Department of Health Professions. Dr. Brown returns to DHP after two previous terms as Director, serving under former Governors Ralph Northam and Terry McAuliffe. He is a Virginia native and former Charlottesville mayor with a healthcare career dating back to 1982, including service on the Virginia Board of Medicine and Virginia Healthcare Workforce Development Authority.

Virginia DHP Unveils Three New Healthcare Dashboards

The Virginia Department of Health Professions (DHP) and its Healthcare Workforce Data Center (HWDC) have unveiled three interactive dashboards providing data on healthcare supply and demand, behavioral health trends, and career pathways for students. These tools are designed to inform and empower healthcare workforce planning across the Commonwealth of Virginia. This announcement does not create any new compliance obligations for healthcare providers or other entities.

Virginia DHP Accelerates Licensing, Expands Behavioral Health Careers

Over three years, DHP has sharply reduced Board of Medicine licensing timelines from 88 to 34 days overall, accelerating workforce entry where it is needed most. Two new behavioral health license types—behavioral health technician and behavioral health technician assistant—are now available, with the psychological practitioner license forthcoming, while Registered Peer Recovery Specialist numbers have more than doubled. Dentistry licenses are now issued in as little as two days compared to 30 days previously, and a new public dashboard provides real-time behavioral health workforce data.

Receita Federal Seizes 6.2kg Hashish Worth R$500k in Joinville

A Receita Federal surveillance team in Joinville/SC seized approximately 6.2 kilograms of a substance analogous to Moroccan hashish during a routine inspection on BR-101 highway. The drug, valued at approximately R$500,000, was concealed inside a piece of equipment described as a 'medical use filter' being transported from the Rio Grande do Sul-Uruguay border to São Paulo. The seized narcotics were forwarded to the State Police's Drug Combat Division for further investigation. No arrest was made as the transport was conducted by a third-party company with no evidence linking the driver to the contraband.

IRPF April 2026 Residual Refund Batch, 415,277 Units, R$592M

Receita Federal opens consultation for the April 2026 IRPF residual refund batch on April 23, 2026 at 10h, with bank credit scheduled for April 30, 2026. The batch includes 415,277 refunds totaling R$ 592,212,767.86, of which R$ 256,855,728.62 is designated for priority groups (elderly over 80, elderly 60-79, disabled/seriously ill, and teachers). Remaining refunds go to non-priority taxpayers who used pre-filled returns or PIX. Taxpayers can check availability via the Receita Federal website or mobile app.

R$2M Truck Contraband Interception at Ponte Internacional da Amizade

On April 22, 2026 at approximately 8:00 a.m., Receita Federal officers conducting routine customs inspection at the Aduana da Ponte Internacional da Amizade in Foz do Iguaçu, Brazil intercepted a truck with Paraguayan license plates. Officers discovered a hidden false floor in the vehicle's cargo area containing approximately 10,000 units of anabolic steroids valued at approximately R$1.3 million, plus cell phone batteries estimated at over R$750,000, for a total seizure of approximately R$2 million. The Paraguayan driver fled across the border to Paraguay and was not located.

AG Hilgers Hosts 50 Students at 2026 Youth Conference

Attorney General Mike Hilgers hosted over 50 high school juniors and seniors from across Nebraska at the State Capitol for the 2026 Attorney General's Youth Conference. Students submitted essays on the U.S. Constitution to be selected, and participated in a mock bill debate in the Warner Legislative Chamber alongside Governor Jim Pillen, Senator Carolyn Bosn, Justice Derek Vaughn, and bureau chiefs from the Attorney General's office. The event focused on government, law, and consumer protection topics.

Nebraska AG Joins Amicus Brief Defending 2nd Amendment

Nebraska Attorney General Hilgers joined an amicus brief defending Second Amendment rights against overreaching lawsuits that threaten those constitutional protections, announced April 14, 2026. The filing represents the state's participation in federal litigation concerning firearms rights. This is a procedural legal action that does not create compliance obligations for private parties.

AG Hilgers Joins Letter Requesting DOJ Withdraw Funding from Groups Limiting Parents Rights

Nebraska Attorney General Hilgers joined a bipartisan coalition of state AGs in sending a letter to the U.S. Department of Justice requesting the withdrawal of federal funding from groups that allegedly limit parents' rights in court proceedings related to gender ideology. The letter specifically targets organizations involved in gender ideology trainings. The action represents advocacy rather than a binding regulatory change.

Nebraska AG Responds to Court-Ordered Death Sentence for Jason Jones

Jason Jones was convicted of a quadruple homicide in Laurel, Nebraska. A three-judge panel issued a court-ordered death sentence, with the panel explaining the appropriateness of the sentence under Nebraska statutes and case law history. The Nebraska Attorney General released a statement on April 10, 2026, expressing gratitude for the panel's thorough and well-reasoned order.

AG Hilgers Joins Amicus Brief Supporting Religious Liberty for Churches at SCOTUS

Nebraska Attorney General Hilgers has joined an amicus brief before the United States Supreme Court supporting the religious liberty and free speech rights of churches in California. The amicus brief was filed in connection with a case involving constitutional protections for religious exercise. This action represents a state law enforcement official's advocacy position on a matter of federal constitutional law and does not impose any compliance obligations on private parties.

Nebraska Joins FTC and Coalition States Lawsuit Against Ad Agencies for Digital Advertising Collusion

Nebraska Attorney General Hilgers joined the FTC and eight states in filing an antitrust lawsuit against major advertising agencies WPP, Publicis, Dentsu, Omnicom, and IPG for allegedly colluding since 2018 to establish common 'Brand Safety Floor' standards targeting 'misinformation.' The complaint alleges that firms NewsGuard and the Global Disinformation Index were used to promote demonetization of disfavored political viewpoints, displacing competition in the market for ad-buying services. The ad agencies have agreed to a proposed consent order that would prevent engaging in agreements setting common brand safety standards or restricting advertising based on biased criteria. The complaint and order were filed in the U.S. District Court for the Northern District of Texas.

AG Hilgers Leads Coalition Letter to Fitch, Moody's, S&P on ESG Policies

Attorney General Mike Hilgers co-led a coalition of 23 state attorneys general in sending a letter to Fitch Ratings, Moody's, and S&P Global Ratings questioning the lawfulness of their ESG credit policies. The letter raises concerns that the agencies artificially increase demand for their ESG consulting services while downgrading fossil-fuel companies based on speculative ESG goals, which the states argue constitutes an undisclosed material conflict of interest and may violate antitrust and state consumer-protection laws.

Nebraska AG Pushes for State and Local Authority to Combat Illegal Drone Drops at Prisons

Nebraska Attorney General Hilgers has formally advocated for state and local authorities to receive expanded enforcement powers to combat illegal drone deliveries at prisons. The push comes via a letter submitted to a federal Task Force focused on restoring American airspace sovereignty. The initiative targets contraband drone drops, which have become a growing security concern at correctional facilities nationwide.

AG Hilgers Joins Amicus Brief on Bar Quotas and First Amendment

Nebraska Attorney General Hilgers announced on March 23, 2026, that the state joined an amicus brief in litigation challenging state bar associations that seek First Amendment protection to implement racial or gender quotas. The brief was authored alongside a coalition of states arguing that mandatory bar associations cannot invoke First Amendment rights to avoid anti-discrimination obligations. The filing specifically addresses whether bar associations may use constitutional protections as a shield for quota-based membership or advancement policies.

PBGC Requests Extension of OMB Approval for Multiemployer Plan Information Collections, Comments Close May 22

PBGC has requested that OMB extend approval for seven collections of information in its multiemployer plan regulations under ERISA for three years. OMB approvals currently expire May 31, 2026. The notice, a PRA extension request for existing information collections (29 CFR Parts 4203, 4204, 4207, 4208, 4211, 4213, and 4221), solicits public comment; no comments were received on PBGC's advance January 12, 2026 notice (91 FR 1217). The seven OMB control numbers (1212-0021, 1212-0023, 1212-0035, 1212-0039, 1212-0044, 1212-0053, 1212-0066) cover withdrawal liability determinations, abatement rules, and allocation of unfunded vested benefits. Estimated annual burdens range from 0.5 hours (partial withdrawal abatement) to 1,050 hours (asset-sale variances), with cost estimates from $1,000 to $702,000 per collection annually.

Vicenne Crosses 10% Shareholding Threshold

AMMC Morocco disclosed that Vicenne has crossed the 10% shareholding threshold, triggering mandatory disclosure obligations under Moroccan securities law. The notification was published on April 22, 2026. This type of disclosure is required when an investor acquires or disposes of a significant ownership stake in a listed company, ensuring market transparency for other investors.

AMMC Partners ANRF, CNASNU for AML/CFT Seminar

AMMC Morocco has partnered with ANRF (National Authority for Financial Intelligence) and CNASNU (National Commission for the Evaluation of Internal Control Systems) to organize a joint awareness-raising seminar on AML/CFT obligations. The seminar targets capital market participants and focuses on strengthening compliance with anti-money laundering and counter-terrorist financing requirements. This is an informational event organized by Morocco's capital markets regulator.

AMMC Launches Institutional Portal for Futures Market Coordination Body

AMMC Morocco has launched an institutional portal for the Futures Market Coordination Body (ICMAT - Instance de Coordination du Marché des Instruments Financiers à Terme). The portal was officially released on April 6, 2026. The launch was announced alongside other AMMC regulatory activities including shareholding threshold notifications, AML/CFT awareness seminars, and various prospectus approvals for listed companies.

Targa Pipeline ICR Facility Survey Responses April 2025

Twelve Oil and Gas Information Collection Request facility survey responses were submitted to EPA as attachments to docket EPA-HQ-OAR-2025-1348 on April 22. The submissions cover production and processing facilities identified by location names including Graham CS, Mathews CS, Ketchum Ranch CS, Dillard CS, and others. These responses are part of the EPA's ongoing data collection process for oil and gas sector emissions and operational information.

FLAS Fellowship Employment Survey, Comments Due Jun 22

The Department of Education is seeking public comment on a revision to an approved information collection for the Foreign Language and Area Studies (FLAS) Fellowships program survey (OMB Control No. 1840-0829). The revision updates the estimated number of annual responses from the prior approval to 10,000, and corresponding annual burden hours to 1,300. Minor edits were made to remove outdated links and update contact information. Comments are due June 22, 2026.

Multiple Energy News Items: Rates, Settlements, Public Comments

The WA UTC Energy News page aggregates recent regulatory announcements including a Northwest Natural Gas rate increase proposal open for public comment, a technical conference on large energy loads on April 27, and a $2 million settlement with Cascade Natural Gas. The page also links to multiple orders affecting Puget Sound Energy rates, PacifiCorp tariff updates, and adopted rules for Integrated System Plans.

CenturyLink Penalties, AT&T Transfer, Ziply Sale Updates

Washington Utilities and Transportation Commission news page aggregating multiple telecommunications regulatory updates including: UTC staff adjusting a penalty recommendation for CenturyLink from $15.5M to $10.9M; approval of CenturyLink fiber sale with new customer protections; public comment opportunities on transfer of assets from CenturyLink to AT&T; and approval of transfer of control of Ziply Fiber Northwest to Bell Canada.

DNSdist Multiple DoS Vulnerabilities CVSS 7.5

CERT-Bund published security advisory WID-SEC-2026-1230 on 21 April 2026 disclosing multiple denial-of-service vulnerabilities in Open Source DNSdist versions below 1.9.13 and 2.0.4. The vulnerabilities carry a CVSS Base Score of 7.5 (high) and a Temporal Score of 6.5 (medium), with remote exploitation confirmed. DNSdist is a DNS traffic manager deployed as a load balancer, filter, and security gateway in front of DNS servers. No specific mitigations beyond general security practices are detailed in the advisory.

VMware Tanzu Spring Security Critical Flaws, CVSS 9.6

CERT-Bund published a critical security advisory WID-SEC-2026-1221 for VMware Tanzu Spring Security, assigning a CVSS Base Score of 9.6 (critical) and a CVSS Temporal Score of 8.3 (high). Multiple vulnerabilities allow a remote attacker to disclose information, bypass security measures, impersonate users, or manipulate data, potentially enabling privilege escalation, SSRF, or Cross-Site-Scripting attacks. Affected versions are VMware Tanzu Spring Security <6.5.10, <7.0.5, and <7.1.0-RC1. Organizations running these versions should apply mitigations immediately.

PackageKit Privilege Escalation Vulnerability Advisory (CVSS 8.8)

CERT-Bund published security advisory WID-SEC-2026-1233 on 21 April 2026 alerting to a privilege escalation vulnerability in Open Source PackageKit versions prior to 1.3.5. The vulnerability carries a CVSS Base Score of 8.8 (high) and a Temporal Score of 7.7 (high). Remote attack is not possible; exploitation requires local access to the affected system. CERT-Bund indicates a mitigation is available and recommends affected organisations apply patches or workarounds promptly.

Microsoft GitHub Enterprise Server: Multiple Vulnerabilities, CVSS 8.9 (High)

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Microsoft GitHub Enterprise Server affecting versions prior to 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, and 3.15.21. The vulnerabilities carry a CVSS Base Score of 8.9 (High) and a CVSS Temporal Score of 7.7 (High), with remote attack capability confirmed. An attacker could exploit these flaws to bypass security controls, execute arbitrary code, and disclose information. Mitigation measures are available and organisations running affected versions should apply patches promptly.

CPython Vulnerability Allows Remote Attack, CVSS 8.6

CERT-Bund published security advisory WID-SEC-2026-1222 warning of a vulnerability in CPython versions prior to 3.15.0. The vulnerability carries a CVSS Base Score of 8.6 (high) and a Temporal Score of 7.5 (high), with remote attack capability confirmed. All major operating systems including Linux, UNIX, Windows, and other platforms are affected.

Multiple binutils Flaws Allow DoS, Code Execution

CERT-Bund published security advisory WID-SEC-2026-1217 disclosing multiple vulnerabilities in GNU binutils with a CVSS Base Score of 7.8 (high). The vulnerabilities affect Linux, UNIX, and other operating systems running the GNU Binary Utilities collection. A local attacker can exploit these flaws to conduct denial of service attacks or execute arbitrary code on affected systems.

HCL BigFix Flaw Allows Privilege Escalation

CERT-Bund published a security advisory regarding a vulnerability in HCL BigFix Service Management (versions prior to 27). The flaw, rated CVSS Base Score 8.3 (high) and CVSS Temporal Score 7.2 (high), allows a remote authenticated attacker to bypass security controls and potentially escalate privileges. The vulnerability affects systems running Linux, UNIX, and Windows. A mitigation is available.

Linux Kernel Multiple DoS Vulnerabilities CVSS 7.5

CERT-Bund published a security advisory on 21 April 2026 warning of multiple denial of service vulnerabilities in the Linux Kernel. The advisory carries a CVSS Base Score of 7.5 (high) and a CVSS Temporal Score of 6.5 (medium), with remote attack confirmed. A mitigation measure is available as of the advisory date.

Microsoft ASP.NET Privilege Escalation Vulnerability, CVSS 9.1 Critical

CERT-Bund, Germany's Federal Computer Emergency Response Team, issued a critical security advisory (WID-SEC-2026-1213) on 21 April 2026 regarding a privilege escalation vulnerability in Microsoft ASP.NET. The flaw, affecting versions prior to 10.0.7, carries a CVSS Base Score of 9.1 (Critical) and a Temporal Score of 7.9 (High), with confirmed remote attack feasibility. Mitigation measures are available, and the current status is dated 22 April 2026. Organizations running vulnerable Microsoft ASP.NET deployments should treat this as an immediate patching priority given the critical severity rating and confirmed remote exploitability.

Critical CVSS 9.9 Atlassian Vulnerabilities Affect Bamboo, Bitbucket, Confluence, Jira

CERT-Bund issued a critical security advisory (WID-SEC-2026-1229) regarding multiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, and Jira with a CVSS Base Score of 9.9 (critical) and Temporal Score of 8.6 (high). Affected versions include Bamboo before 12.1.6 and 10.2.18, Bitbucket before 10.2.2 and 9.4.19, Confluence before 10.2.10 and 9.2.19, and Jira before 11.3.4 and 10.3.19. A remote attacker can exploit these flaws to execute arbitrary code, bypass security controls, manipulate or disclose data, or conduct Cross-Site-Scripting attacks. Organizations running these products should apply patches immediately and review available mitigations.

IBM App Connect Enterprise <13.0.7.0 Multiple Critical Vulnerabilities Allow File Manipulation, DoS

CERT-Bund issued a critical security advisory (WID-SEC-2026-1220) for IBM App Connect Enterprise, rating the vulnerabilities CVSS Base Score 9.8 (kritisch) with a Remoteangriff (remote attack) capability confirmed. Affected versions are IBM App Connect Enterprise below version 13.0.7.0 and below version 12.0.12.25. An anonymous remote attacker can exploit multiple vulnerabilities to manipulate files and conduct denial of service attacks. Mitigation measures are available.