ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
VMware Tools 12.5.2 korrigieren zwei Sicherheitslücken und mehr
<html><body><div style="float: center;"></div> <p>VMWare hat die VMware Tools auf die Version VMware Tools 12.5.2 (12.5.2.24697584) aktualisiert. Der Grund sind zwei Sicherheitslücken (CVE-2025-22247 und CVE-2024-43590),
PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
<html><body><p>A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter
Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters
<html><body><p>Security researchers have uncovered critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that could allow attackers to completely bypass security filters, potentially exposing underly
Researchers Details macOS Remote Code Execution Vulnerability – CVE-2024-44236
<html><body><p>A critical remote code execution vulnerability identified in Apple’s macOS operating system, tracked as CVE-2024-44236. The vulnerability, which carries a high CVSS score of 7.8, could allow attackers to e
IBM Cognos Analytics Vulnerability Let Attackers Upload Malicious Files
<html><body><p>IBM has issued a critical security advisory warning of two high-severity vulnerabilities affecting its Cognos Analytics platform that could allow attackers to upload malicious files and execute code on aff
Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
<html><body><p>The cybersecurity landscape has once again been disrupted by the resurgence of the notorious Mirai botnet, which has been actively exploiting command injection vulnerabilities in discontinued GeoVision Int
Samsung MagicINFO flaw exploited days after PoC exploit publication
<html><body><p>Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulner
Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild
<html><body><p>A critical security vulnerability in Samsung’s digital signage management platform has moved from theoretical risk to active threat as attackers begin exploiting it in real-world attacks. CVE-2024-7399, a
CISA Warns of Apache HTTP Server Escape Vulnerability Exploited in the Wild
<html><body><p>The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38475, a critical vulnerability affecting Apache HTTP Server, to its Known Exploited Vulnerabilities (KEV) catalog. This vuln
Oracle VirtualBox Vulnerability Exposes Systems to Privilege Escalation Attacks
<html><body><p>A critical security flaw in Oracle VM VirtualBox (CVE-2024-21113) has been patched after researchers discovered it could allow local attackers to escalate privileges and compromise hypervisor environments.
Two SonicWall SMA100 flaws actively exploited in the wild
<html><body><p>SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances. SonicWall revealed that attackers actively exploited two security v
Critical Viasat Firmware Vulnerability Let Attackers Execute Remote Code
<html><body><p>A critical security flaw (CVE-2024-6198) in widely deployed Viasat satellite modems allows unauthenticated attackers to execute arbitrary code on affected devices via a stack buffer overflow in the “SNORE”
Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User
<html><body><p>A critical security vulnerability has been discovered in Samsung’s MagicINFO digital signage management platform that could allow attackers to execute arbitrary code with system-level privileges without re
Attackers chained Craft CMS zero-days attacks in the wild
<html><body><p>Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft C
Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
<html><body><p>A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue. The proo
ASUS releases fix for AMI bug that lets hackers brick servers
<html><body><p>ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]</p></body></html>
Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released
<html><body><p>A newly discovered vulnerability, CVE-2024-53141, in the Linux kernel’s IP sets framework has exposed a critical security flaw that allows local attackers to escalate privileges and potentially gain root a
Samsung Galaxy S24 Vulnerability Let Create Arbitrary Files on Affected Installations
<html><body><p>A significant vulnerability in Samsung Galaxy S24 devices that allows network-adjacent attackers to create arbitrary files on affected installations. The flaw, identified as CVE-2024-49421, was publicly a
Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns
<html><body><p>Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices
U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
<html><body><p>U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added L