ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
CVE-2026-6358 - Google Chrome Android Use-After-Free Vulnerability
CVE ID :CVE-2026-6358 Published : April 15, 2026, 8:16 p.m. | 24 minutes ago Description :Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of boun
CVE-2026-6299 - Google Chrome Prerender Use After Free Arbitrary Code Execution
CVE ID :CVE-2026-6299 Published : April 15, 2026, 8:16 p.m. | 24 minutes ago Description :Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool. The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code
Microsoft has released urgent security updates to address a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. Disclosed on April 14, 2026, the vulnerability poses a signi
New PHP Composer Vulnerability Let Attackers Execute Arbitrary Commands
PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any code execution flaw
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful exploitation of the
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are r
Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. Tracked as CVE-2026-
CVE-2026-5752 - CVE-2026-5752
CVE ID :CVE-2026-5752 Published : April 14, 2026, 6:17 p.m. | 2 hours, 22 minutes ago Description :Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process vi
CVE-2026-33824 - Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE ID :CVE-2026-33824 Published : April 14, 2026, 6:17 p.m. | 22 minutes ago Description :Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. Severity: 9.8 | CRI
CVE-2026-26149 - Microsoft Power Apps Security Feature Bypass
CVE ID :CVE-2026-26149 Published : April 14, 2026, 6:16 p.m. | 23 minutes ago Description :Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypa
Critical etcd Auth Bypass Flaw Allows Unauthorized Access to Sensitive Cluster APIs
A critical authentication bypass vulnerability has emerged in etcd, the foundational distributed key-value store that supports countless cloud-native systems and Kubernetes clusters globally. Tracked as CVE-2026-33413, t
Critical ShowDoc RCE Vulnerability Active Exploited in the Wild
Threat actors are actively exploiting a critical vulnerability in ShowDoc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Tracked under the identifier CNVD-2020-26585, this severe se
CVE-2025-63939 - Anirudhkannan Grocery Store Management System SQL Injection Vulnerability
CVE ID :CVE-2025-63939 Published : April 14, 2026, 4:16 p.m. | 23 minutes ago Description :Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allow
CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet products. On April 13, 2026, the agency added a severe SQL injection vulnerability t
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly