ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs, and sources.
CVE-2026-39337 - ChurchCRM Affected by Unauthenticated RCE in Install Wizard
CVE ID: CVE-2026-39337 Published: April 7, 2026, 6:16 p.m. | 21 minutes ago Description: ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vuln
CVE-2026-39339 - ChurchCRM has an API Authentication Bypass
CVE ID: CVE-2026-39339 Published: April 7, 2026, 6:16 p.m. | 21 minutes ago Description: ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in Chu
CVE-2026-39323 - ChurchCRM has a SQL Injection in PropertyTypeEditor.php with Cross-Page Data Exposure
CVE ID: CVE-2026-39323 Published: April 7, 2026, 6:16 p.m. | 21 minutes ago Description: ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in Churc
CVE-2026-35463 - pyLoad has Improper Neutralization of Special Elements used in an OS Command
CVE ID: CVE-2026-35463 Published: April 7, 2026, 3:17 p.m. | 1 hour, 20 minutes ago Description: pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OP
Flowise AI Agent Builder Injection Vulnerability Exploited in Attacks, 15,000+ Instances Exposed
Threat actors are actively exploiting a maximum-severity remote code execution (RCE) vulnerability in Flowise, an open-source platform used for building AI agents and customized large language model workflows. The critic
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts a maximum CVSS sever
OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens
The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs at BeyondTrust recently discovered a critical command-injection vulnerability in OpenAI Codex. This
CVE-2026-35471 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs
CVE ID: CVE-2026-35471 Published: April 6, 2026, 10:16 p.m. | 22 minutes ago Description: goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal check.
CVE-2026-35393 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
CVE ID: CVE-2026-35393 Published: April 6, 2026, 9:16 p.m. | 1 hour, 22 minutes ago Description: goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized.
CVE-2026-35184 - EcclesiaCRM has a Critical SQL Injection
CVE ID: CVE-2026-35184 Published: April 6, 2026, 8:16 p.m. | 21 minutes ago Description: EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/qu
Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers actively exploit a critical remote code execution flaw CVE-2025-53521. Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers act
Critical Dgraph Database Vulnerability Let Attackers Bypass Authentication
A maximum-severity vulnerability in Dgraph, a popular open-source graph database. Tracked as CVE-2026-34976, this critical flaw carries a perfect CVSS score of 10.0. It allows unauthenticated remote attackers to bypass a
CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild. Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-20
CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting TrueConf software to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-3502, this s
2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild
The Shadowserver Foundation has issued an urgent warning to FortiClient Enterprise Management Server (EMS) administrators after identifying over 2,000 publicly accessible instances globally, two of which are now confirme
CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability
CVE ID: CVE-2026-4272 Published: April 5, 2026, 10:16 p.m. | 22 minutes ago Description: Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This i
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been descr
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and c
CVE-2026-25197 - Gardyn Cloud API Authorization Bypass Through User-Controlled Key
CVE ID: CVE-2026-25197 Published: April 3, 2026, 9:17 p.m. | 1 hour, 20 minutes ago Description: A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API