ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
[Critical] CVE-2026-34909 – A malicious actor with access to the network could exploit a Path Traversal vuln...
Critical CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an
[Critical] CVE-2026-34910 – A malicious actor with access to the network could exploit an Improper Input Val...
Critical CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. CVSS: 10.0 · CWE: CWE-20 View on NVD
CVE-2026-34910 - "UniFi OS Command Injection Vulnerability"
CVE ID :CVE-2026-34910 Published : May 22, 2026, 2:16 a.m. | 2 hours, 5 minutes ago Description :A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi
[Critical] CVE-2026-33000 – A malicious actor with access to the network and high privileges could exploit a...
Critical CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. CVSS: 9.1 · CWE:
[Critical] CVE-2026-6960 – The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload...
Critical CVE-2026-6960 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all vers
[Critical] CVE-2026-8134 – Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the p...
Critical CVE-2026-8134 Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue
Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!
Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been u
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-2022
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on Securi
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appear
Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. The flaw, tracked as
Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack
A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. T
Claude Code’s Network Sandbox Vulnerability Exposes User Credentials and Source Code
Anthropic’s Claude Code AI coding assistant harbored a critical network sandbox bypass for over five months, allowing attackers to exfiltrate credentials, source code, and environment variables from developer systems, an
CVE-2026-9111 - Google Chrome WebRTC Use-After-Free Vulnerability
CVE ID :CVE-2026-9111 Published : May 20, 2026, 8:16 p.m. | 2 hours, 5 minutes ago Description :Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitr
CVE-2026-8598 - Unauthenticated Export Service in ZKTeco CCTV Cameras
CVE ID :CVE-2026-8598 Published : May 20, 2026, 2:53 p.m. | 1 hour, 28 minutes ago Description :An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not req
Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access
A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update
FreePBX Vulnerability Allow Attackers to Gain Access to User Portals
A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due t
Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image
ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReA
Drupal critical update to fix bug with high exploitation risk
Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. [...]