ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
[Critical] CVE-2026-46425 – Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/s...
Critical CVE-2026-46425 Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise fe
[Critical] CVE-2026-45087 – Dalfox is a powerful open-source XSS scanner and utility focused on automation. ...
Critical CVE-2026-45087 Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by
[Critical] CVE-2026-48027 – Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver...
Critical CVE-2026-48027 Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it availa
[Critical] CVE-2026-44330 – free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2,...
Critical CVE-2026-44330 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A networ
How Top CISOs Increase Risk Visibility for Zero Critical Incidents
How many alerts in your SOC are truly business-critical, and how many only look urgent because the team lacks context? This is one of the hardest questions for CISOs today. Without clear visibility, teams can waste time
Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints
A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed “BadHost,” is putting thousands of AI-powered applications at risk by enabling authentication bypass through manipulated HTTP headers. The fl
CVE-2026-49103 - Webmin File Name Injection Vulnerability
CVE ID: CVE-2026-49103 Published: May 27, 2026, 3:16 p.m. | 1 hour, 53 minutes ago Description: Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component.
[Critical] CVE-2026-49103 – Webmin before 2.640 does not safely construct a filename for saving of an attach...
Critical CVE-2026-49103 Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi. CVSS: 9.4 · CWE: CWE-24
CISA Warns of LiteSpeed cPanel Plugin Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical vulnerability in the LiteSpeed cPanel Plugin, identified as CVE-2026-48172, which is currently being exploited in real-world attacks. The flaw enables privilege esca
GitHub Enterprise Server 3.20.3 Released With Fix for Critical Vulnerabilities
GitHub has shipped GitHub Enterprise Server (GHES) 3.20.3 as a security‑driven patch release that fixes multiple critical and high‑severity vulnerabilities and rotates the signing key used to validate GHES release packag
Windows Kernel Vulnerability Allows Attackers to Modify Kernel Memory Counters
A critical Windows kernel vulnerability, tracked as CVE-2026-40369, has been disclosed, enabling attackers to achieve full SYSTEM-level privilege escalation even from the most restricted environments, including browser s
[Critical] CVE-2026-7524 – IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im...
Critical CVE-2026-7524 IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. CVSS: 9.8 · CWE: CWE-22
[Critical] CVE-2026-8175 – IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A...
Critical CVE-2026-8175 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affec
CVE-2026-7524 - Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
CVE ID: CVE-2026-7524 Published: May 27, 2026, 2:17 p.m. | 52 minutes ago Description: IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during arc
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is active
[Critical] CVE-2026-49002 – Access control failure means that an application does not effectively check user...
Critical CVE-2026-49002 Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and
[Critical] CVE-2026-8054 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti...
Critical CVE-2026-8054 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.
[High] CVE-2026-40836 – A low privileged remote attacker can exploit an unauthenticated SQL Injection v...
High CVE-2026-40836 A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing
[Critical] CVE-2025-12686 – Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerabi...
Critical CVE-2025-12686 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-
CVE-2026-48906 - Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla
CVE ID: CVE-2026-48906 Published: 27 May 2026, 9:11 a.m. | 1 hour, 57 minutes ago Description: The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. Seve