Threat Feed Query
Search all aggregated security articles by keyword, CVE ID and source.
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 3
CVE-2024-1708
Currently trending CVE - Hype Score: 7 - ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confid
CVE-2026-7361 - Google Chrome iOS Use-After-Free Heap Corruption
CVE ID: CVE-2026-7361 | Published: April 28, 2026, 11:16 p.m. | 17 hours ago | Description: Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corrupti
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. [...]
CVE-2026-3854 GitHub flaw enables remote code execution
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote co
CVE-2026-3893 - Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
CVE ID: CVE-2026-3893 | Published: April 28, 2026, 7:37 p.m. | 38 minutes ago | Description: The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly a
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single
Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise
A critical remote code execution (RCE) vulnerability tracked as CVE-2026-3854 in GitHub’s internal git infrastructure that could have allowed any authenticated user to compromise backend servers, access millions of priva
Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild
A critical pre-authentication SQL injection vulnerability in LiteLLM, a widely used open-source AI gateway with over 22,000 GitHub stars, is actively being exploited in the wild. Tracked as CVE-2026-42208, this severe fl
CVE-2026-7321 - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component
CVE ID: CVE-2026-7321 | Published: April 28, 2026, 3:16 p.m. | 59 minutes ago | Description: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Fir
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that
New Windows 0-Click Vulnerability Exploited to Bypass Defender SmartScreen
A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stems from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group.
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code
CVE-2026-32644 - Milesight Cameras Use of Hard-coded Cryptographic Key
CVE ID: CVE-2026-32644 | Published: April 28, 2026, 1:16 a.m. | 59 minutes ago | Description: Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. Severity: 9.8 | CRI
Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks
Google has fixed a critical security flaw in the Gemini CLI that could allow attackers to execute remote code in certain automated workflows. The issue affects the npm package @google/gemini-cli and the google-github-act
CVE-2026-3008 - Vulnerability in Notepad++
CVE ID: CVE-2026-3008 | Published: April 27, 2026, 7:16 a.m. | 57 minutes ago | Description: Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information o
Critical bug in CrowdStrike LogScale let attackers access files
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affec
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools
A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before developers issued a full pat
CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued target
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of