ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keyword, CVE ID and source.
Hackers Use CVE-2024-3721 to Infect TBK DVRs With Nexcorium DDoS Malware
A newly identified botnet campaign is actively exploiting a critical flaw in TBK digital video recorders to deploy a dangerous piece of malware known as Nexcorium, a Mirai-based threat built to launch large-scale distrib
Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters
A critical vulnerability in Flowise and multiple AI frameworks has been discovered by OX Security, exposing millions of users to remote code execution (RCE). The flaw stems from the Model Context Protocol (MCP), a widely
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. [...]
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands
A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary ope
CVE-2026-35546 - Anviz Products Missing Authentication for Critical Function
CVE ID: CVE-2026-35546 Published: April 17, 2026, 8:16 p.m. | 24 minutes ago Description: Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, en
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote cod
CISA Warns of Apache ActiveMQ Input Validation Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security defect in Apache ActiveMQ. On April 16, 2026, the agency officially added the vulnerability, tracked
CVE-2025-15625 - Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
CVE ID: CVE-2025-15625 Published: April 17, 2026, 9:16 a.m. | 9 hours, 25 minutes ago Description: Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
CVE-2026-37345 - SourceCodester Vehicle Parking Area Management System SQL Injection
CVE ID: CVE-2026-37345 Published: April 16, 2026, 3:17 p.m. | 1 hour, 23 minutes ago Description: SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/mana
CVE-2026-37347 - SourceCodester Payroll Management and Information System SQL Injection Vulnerability
CVE ID: CVE-2026-37347 Published: April 16, 2026, 3:17 p.m. | 1 hour, 23 minutes ago Description: SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/v
CVE-2026-37338 - SourceCodester Simple Music Cloud Community System SQL Injection Vulnerability
CVE ID: CVE-2026-37338 Published: April 16, 2026, 3:17 p.m. | 3 hours, 23 minutes ago Description: SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_use
CVE-2026-31843 - Apache Goodone Laravel Remote Code Execution
CVE ID: CVE-2026-31843 Published: April 16, 2026, 1:16 p.m. | 1 hour, 24 minutes ago Description: The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/upd
Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory publi
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the se
Cisco Webex Services Vulnerability Let Remote Attacker Impersonate Any User
Cisco has issued a critical security advisory warning of a severe vulnerability in its cloud-based Webex Services. Tracked as CVE-2026-20184, this flaw carries a maximum Common Vulnerability Scoring System (CVSS) base sc
Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover
A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated remote attackers
Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks
A critical security vulnerability has been officially disclosed, affecting multiple versions of Enterprise and Cloud platforms. Tracked as CVE-2026-20204, this high-severity flaw carries a CVSS score of 7.1 and poses a s
CVE-2026-40959 - Luanti Lua Sandbox Escape
CVE ID: CVE-2026-40959 Published: April 16, 2026, 1:16 a.m. | 1 hour, 24 minutes ago Description: Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. Severity: 9.3 | CRIT
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]