ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Mythos Preview Builds PoC Exploits in Automated Vulnerability Research
Anthropic’s Mythos Preview security-focused AI model is crossing a critical threshold in automated vulnerability research, not just finding bugs, but chaining them together into working proof-of-concept exploits. That’s
CVE-2026-42822 - Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
CVE ID: CVE-2026-42822 | Published: May 18, 2026, 6:17 p.m. | 18 hours, 4 minutes ago | Description: Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security researcher Patrick Gar
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical fl
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVS
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was ex
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal
How AI Hallucinations Are Creating Real Security Risks
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Criti
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-4194
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors.
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds re
New cPanel and WHM Flaws Enable Code Execution, DoS Attacks
cPanel has disclosed three critical security vulnerabilities tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 affecting its widely deployed cPanel & WHM web hosting control panel and WP Squared (WP2) platfor
CVE-2026-42569 - phpvms: /importer authorization bypass causing full database wipe
CVE ID: CVE-2026-42569 | Published: May 9, 2026, 8:16 p.m. | 2 hours, 6 minutes ago | Description: phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS
CVE-2023-37466
Currently trending CVE - Hype Score: 4 - vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinue
CVE-2026-42354 - Sentry: Improper authentication on SAML SSO process allows user identity linking
CVE ID: CVE-2026-42354 | Published: May 8, 2026, 11:16 p.m. | 1 hour, 4 minutes ago | Description: Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical
CVE-2026-42286 - Emlog: Cross-Site Request Forgery in Admin Functions
CVE ID: CVE-2026-42286 | Published: May 8, 2026, 10:16 p.m. | 2 hours, 4 minutes ago | Description: Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin f
CVE-2026-42278 - UltraDAG: Smart Account Spending Policy Bypass via Pockets
CVE ID: CVE-2026-42278 | Published: May 8, 2026, 5:16 a.m. | 1 hour, 4 minutes ago | Description: UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of S
CVE-2026-41900 - OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
CVE ID: CVE-2026-41900 | Published: May 8, 2026, 4:16 a.m. | 2 hours, 4 minutes ago | Description: OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code ex