ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
CVE-2026-6376 - Missing authentication for critical function in SpiceJet Online Booking System
CVE ID: CVE-2026-6376 | Published: April 23, 2026, 9:16 p.m. | 53 minutes ago | Description: A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PN
CVE-2026-39087 - Ntfy Arbitrary Code Execution Vulnerability
CVE ID: CVE-2026-39087 | Published: April 23, 2026, 4:16 p.m. | 3 hours, 53 minutes ago | Description: An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions fun
CVE-2026-40470 - Hackage package and doc upload stored XSS vulnerability
CVE ID: CVE-2026-40470 | Published: April 23, 2026, 2:53 p.m. | 1 hour, 15 minutes ago | Description: A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided i
Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System
A high-severity privilege escalation vulnerability, dubbed Pack2TheRoot (CVE-2026-41651, CVSS 3.1: 8.8), has been publicly disclosed by Deutsche Telekom’s Red Team, affecting multiple major Linux distributions in their d
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulner
Critical Atlassian Bamboo Data Center and Server Flaw Enables Command Injection Attacks
Atlassian has disclosed two significant security vulnerabilities affecting its Bamboo Data Center and Server product, including a critical OS command injection flaw and a high-severity denial-of-service issue tied to a t
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.
1,370+ Microsoft SharePoint Servers Vulnerable to Spoofing Attacks Exposed Online
A critical spoofing vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-32201, remains unpatched on over 1,370 internet-facing IP addresses worldwide, according to fresh scanning data from the Shadowserver
CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server
CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to re
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring
Microsoft Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026, to address a critical elevation of privilege vulnerability discovered in the Microsoft.AspNetCo
CVE-2026-40372 - ASP.NET Core Elevation of Privilege Vulnerability
CVE ID: CVE-2026-40372 | Published: April 21, 2026, 7:20 p.m. | 44 minutes ago | Description: None. Severity: 9.1 | CRITICAL. Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-40050 - CrowdStrike LogScale Unauthenticated Path Traversal
CVE ID: CVE-2026-40050 | Published: April 21, 2026, 5:16 p.m. | 48 minutes ago | Description: CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-4005
CVE-2026-21571 - Atlassian Bamboo Data Center OS Command Injection Vulnerability
CVE ID: CVE-2026-21571 | Published: April 21, 2026, 5:16 p.m. | 49 minutes ago | Description: This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0,
CVE-2026-6768 - Mitigation bypass in the Networking: Cookies component
CVE ID: CVE-2026-6768 | Published: April 21, 2026, 1:16 p.m. | 4 hours, 49 minutes ago | Description: Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150. Severity: 9
CISA Warns of Cisco Catalyst SD-WAN Manager Vulnerabilities Exploited in Attacks
CISA has added three critical Cisco Catalyst SD-WAN Manager vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and organizations to act immediately. All three flaws were added o
Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers
A critical vulnerability in the SGLang inference server allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learning models to compro
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS sc
Lovable AI App Builder Reportedly Exposes Thousands of Projects Data via API Flaw
A critical Broken Object Level Authorization (BOLA) vulnerability in Lovable, the popular AI-powered app builder platform, is reportedly allowing unauthorized users to access sensitive project data, including source code
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial