ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Ubiquiti Patches Critical UniFi OS Vulnerabilities Allowing Remote Privilege Escalation
Ubiquiti Networks has released urgent security updates to address a series of highly critical vulnerabilities affecting its UniFi OS platform. These severe flaws could allow unauthenticated, remote attackers to execute a
LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access
LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain root access on Linux hosting servers. The bug is tracked as CV
[Critical] CVE-2026-32253 – Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2...
Critical CVE-2026-32253 Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results ar
CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitatio
Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
Discover how Cisco is evolving its vulnerability disclosure practices. We are leveraging AI to prioritize high-risk security issues, helping customers focus on critical patching and remediation efforts.
CISA Warns of Microsoft Defender 0-Day Vulnerabilities Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitatio
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]
Update Chrome now: Critical bugs could let attackers run code
This Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.
CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitati
Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users
Google has publicly released proof-of-concept (PoC) exploit code for a critical, still-unpatched vulnerability in the Chromium codebase, potentially exposing millions of users across Chrome, Microsoft Edge, and other Chr
[Critical] CVE-2026-9054 – An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than ...
Critical CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic. CVSS: 9.2 · CWE: N/A View on NVD
CVE-2026-9054 - Invalid IP packets cause a kernel panic
CVE ID :CVE-2026-9054 Published : May 22, 2026, 3:21 a.m. | 1 hour ago Description :An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic. S
[Critical] CVE-2026-34909 – A malicious actor with access to the network could exploit a Path Traversal vuln...
Critical CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an
[Critical] CVE-2026-34910 – A malicious actor with access to the network could exploit an Improper Input Val...
Critical CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. CVSS: 10.0 · CWE: CWE-20 View on NVD
CVE-2026-34910 - "UniFi OS Command Injection Vulnerability"
CVE ID :CVE-2026-34910 Published : May 22, 2026, 2:16 a.m. | 2 hours, 5 minutes ago Description :A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi
[Critical] CVE-2026-33000 – A malicious actor with access to the network and high privileges could exploit a...
Critical CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. CVSS: 9.1 · CWE:
[Critical] CVE-2026-6960 – The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload...
Critical CVE-2026-6960 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all vers
[Critical] CVE-2026-8134 – Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the p...
Critical CVE-2026-8134 Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue
Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!
Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been u
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-2022