ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
[Critical] CVE-2026-47117 – OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII p...
Critical CVE-2026-47117 OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied m
CISA Warns of Two-Year-Old Oracle WebLogic Server Vulnerability Exploited in Attacks
CISA has issued a fresh warning highlighting active exploitation of a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, adding it to its Known Exploited Vulnerabilities (KEV) catalog on June 1, 20
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...]
Critical KMW CCTV Vulnerability Let Attackers Gain Unauthorized Access to Camera Feeds
A critical security flaw in KMW CCTV security cameras could allow attackers to gain full, unauthorized access to live camera feeds and device settings. The vulnerability, tracked as CVE-2026-5386, has been assigned a hig
CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively
Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.
Claude Code’s GitHub Actions Vulnerability Lets Attackers Compromise Any Repository
A critical supply chain vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using Anthropic’s official CI/CD workflow, including Anthropic’s own infrastructure. The vulne
[Critical] CVE-2026-34906 – Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenti...
Critical CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParame
CVE-2025-53209 - WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
CVE ID: CVE-2025-53209 Published: June 2, 2026, 10:16 a.m. | 57 minutes ago Description: Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects
[Critical] CVE-2025-53209 – Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allo...
Critical CVE-2025-53209 Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. CVSS: 9.8 · CWE: CWE-266 Vi
Web Application & API Attacks Are Rising: Are You Blind to Modern Web Attacks? Join WAAP Security Webinar
The Invisible Threat Hiding in Plain Sight Every day, thousands of web applications and APIs are probed, scanned, and exploited by attackers who have learned a critical truth: most organizations are not seeing a fractio
Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek.
Critical StrongDM Vulnerability Allows Attackers to Steal and Reuse Authentication
A critical authentication flaw in StrongDM’s desktop application has been identified that allows attackers to hijack user sessions by reusing locally stored authentication material, potentially exposing sensitive enterpr
Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account
A critical security vulnerability in the popular WP Maps Pro WordPress plugin could allow attackers to gain full control of affected websites by creating unauthorized administrator accounts. The flaw, tracked as CVE-2026
[Critical] CVE-2026-8206 – The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP...
Critical CVE-2026-8206 The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the pl
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
A critical logic flaw in Meta’s AI-powered Instagram support chatbot allowed attackers to bypass two-factor authentication entirely, not by cracking codes, but by simply asking the bot to hand over access. Over the weeke
[Medium] CVE-2026-0070 – In multiple functions of DevicePolicyManagerService.java, there is a possible wa...
Medium CVE-2026-0070 In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with n
CVE-2026-24088 - Missing Authentication for Critical Function in Boot
CVE ID: CVE-2026-24088 Published: June 1, 2026, 10:05 p.m. | 1 hour, 7 minutes ago Description: Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized
[Critical] CVE-2026-8644 – IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...
Critical CVE-2026-8644 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. CVSS: 9.1 · CWE: CWE-290 View on NVD