ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs, and sources.
[High] CVE-2026-40836 – A low privileged remote attacker can exploit an unauthenticated SQL Injection v...
High CVE-2026-40836 A low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing
[Critical] CVE-2025-12686 – Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerabi...
Critical CVE-2025-12686 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-
CVE-2026-48906 - Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla
CVE ID: CVE-2026-48906 Published: 27 May 2026, 9:11 a.m. | 1 hour, 57 minutes ago Description: The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. Seve
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoin
India’s CERT-In Asks Organizations to Patch Vulnerabilities in Systems Within 12 hours
India’s national computer emergency response agency CERT-In has warned enterprises to patch high-risk vulnerabilities on internet-facing and critical systems within 12 hours of discovery or active exploitation. The direc
[Critical] CVE-2026-9312 – A server-side request forgery (SSRF) vulnerability was identified in GitHub Ente...
Critical CVE-2026-9312 A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting in
[Critical] CVE-2026-44895 – GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the ...
Critical CVE-2026-44895 GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Ori
[Critical] CVE-2026-9642 – There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica...
Critical CVE-2026-9642 There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project
[Critical] CVE-2026-44451 – Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component ...
Critical CVE-2026-44451 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous glo
[Critical] CVE-2026-44444 – Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle ex...
Critical CVE-2026-44444 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]
[Critical] CVE-2026-48689 – FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buf...
Critical CVE-2026-48689 FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buff
[Critical] CVE-2026-3660 – IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( ...
Critical CVE-2026-3660 IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fix 009, and 7.2.0 ( through ) Interim Fix 001 could allow an unauthenticated remote attacker to up
[Critical] CVE-2026-9560 – Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8...
Critical CVE-2026-9560 Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel CVSS: 9.4 ·
[Critical] CVE-2026-8633 – IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8...
Critical CVE-2026-8633 IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execu
[Critical] CVE-2026-7251 – Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded passw...
Critical CVE-2026-7251 Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain
[Critical] CVE-2026-46624 – Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code ...
Critical CVE-2026-46624 Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack
[Critical] CVE-2026-47202 – Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token v...
Critical CVE-2026-47202 Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins give
CVE-2026-46624 - Twenty: SQL Injection via the timeZone field
CVE ID: CVE-2026-46624 Published: May 26, 2026, 6:16 p.m. | 50 minutes ago Description: Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twent
[Medium] CVE-2025-33221 – NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kern...
Medium CVE-2025-33221 NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit o