ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keywords, CVE IDs and sources.
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been descr
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and c
CVE-2026-25197 - Gardyn Cloud API Authorization Bypass Through User-Controlled Key
CVE ID: CVE-2026-25197 | Published: April 3, 2026, 9:17 p.m. (1 hour, 20 minutes ago) | Description: A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API
CVE-2026-32646 - Gardyn Cloud API Missing Authentication for Critical Function
CVE ID: CVE-2026-32646 | Published: April 3, 2026, 8:15 p.m. (21 minutes ago) | Description: A specific administrative endpoint is accessible without proper authentication, exposing device management functions. Sev
CVE-2026-0545 - Missing Authentication for Critical Function in mlflow/mlflow
CVE ID: CVE-2026-0545 | Published: April 3, 2026, 6:16 p.m. (21 minutes ago) | Description: In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits
A critical security flaw in F5’s BIG-IP Access Policy Manager (APM) is currently under active exploitation, leaving thousands of enterprise networks at risk. The vulnerability, officially tracked as CVE-2025-53521, has s
Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek.
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
A massive automated credential theft campaign is actively targeting web applications worldwide. Cybersecurity researchers at Cisco Talos have uncovered an operation by a hacker group tracked as UAT-10608, which has alrea
CVE-2026-33105 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE ID: CVE-2026-33105 | Published: April 3, 2026, 12:16 a.m. (21 minutes ago) | Description: Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a n
CVE-2026-33107 - Azure Databricks Elevation of Privilege Vulnerability
CVE ID: CVE-2026-33107 | Published: April 3, 2026, 12:16 a.m. (21 minutes ago) | Description: Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network
CVE-2026-26135 - Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability
CVE ID: CVE-2026-26135 | Published: April 3, 2026, 12:16 a.m. (21 minutes ago) | Description: Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevat
CVE-2026-32211 - Azure MCP Server Information Disclosure Vulnerability
CVE ID: CVE-2026-32211 | Published: April 3, 2026, 12:16 a.m. (21 minutes ago) | Description: Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information ov
CVE-2026-32213 - Azure AI Foundry Elevation of Privilege Vulnerability
CVE ID: CVE-2026-32213 | Published: April 3, 2026, 12:16 a.m. (21 minutes ago) | Description: Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. Severit
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and g
CVE-2026-2701 - RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
CVE ID: CVE-2026-2701 | Published: April 2, 2026, 2:16 p.m. (20 minutes ago) | Description: Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. Severit
Critical Cisco IMC auth bypass gives attackers Admin access
Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...]
Cisco Smart Software Manager Vulnerability Let Attackers Execute Arbitrary Commands
Cisco has issued an urgent security warning regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. Enterprise organizations widely use this tool to manage their Cisco software li
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]
Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication
Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates. The vulnerability, officially tracked as CVE-2026-20093, has b
Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability
A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and inject malicious confi