ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CVE-2026-48899 - Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE ID :CVE-2026-48899 Published : May 26, 2026, 5:16 p.m. | 3 hours, 50 minutes ago Description :An improper access check allows privilege escalation through the com_users batch task. Severity: 9.8 | CRITICAL
[Critical] CVE-2026-45721 – Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Alg...
Critical CVE-2026-45721 Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through par
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
A sophisticated China-linked hacking group has been caught targeting edge routers across Southeast Asia, deploying a custom-built Linux implant that gives them deep control over network traffic. The campaign has been rat
[Critical] CVE-2026-45247 – Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a ...
Critical CVE-2026-45247 Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplyi
[Critical] CVE-2026-9543 – A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected ...
Critical CVE-2026-9543 A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manip
[Critical] CVE-2026-7374 – A flaw was found in KubeVirt's virt-handler component. This vulnerability allows...
Critical CVE-2026-7374 A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation w
Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow authenticated attackers to execute arbitrary code remotely across multiple versions of the platform. Tracked as CVE-2026-456
Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware
A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with ClickFix malware, putting unsuspecting visitors at serious risk. The vulnerabil
Windows Server 2016 Domain Controller May Fail with 15-Character Hostname
Windows administrators are facing a disruptive bug in Windows Server 2016 following Microsoft’s May 12, 2026, security update KB5087537. The update introduced a critical flaw that caused domain controller discovery to co
Critical Memcached SASL Vulnerability Let Attackers Infer Valid Usernames
A newly disclosed security issue in Memcached has raised concerns after developers confirmed a timing side-channel vulnerability in its SASL authentication mechanism that could allow attackers to infer valid usernames, n
ConnectWise Automate Vulnerability Let Attackers Bypass Security Checks
ConnectWise has disclosed a high-impact security vulnerability in its Automate platform that could allow attackers to bypass critical security checks and execute malicious code under specific conditions. The flaw, tracke
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While tha
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasi
New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handle
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploi
[Critical] CVE-2026-2651 – A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to m...
Critical CVE-2026-2651 A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforc
CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks
CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, a
Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection
The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the application by inje
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
[Critical] CVE-2018-25357 – Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allow...
Critical CVE-2018-25357 Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers