ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-202
Oracle Issues Urgent Security Update for Critical RCE Flaw in Identity Manager and Web Services Manager
Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Identity Manager and Ora
CVE-2026-29796 - IGL-Technologies eParking.fi Missing Authentication for Critical Function
CVE ID: CVE-2026-29796. Published: March 20, 2026, 11:16 p.m. | 1 hour ago. Description: WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation an
CVE-2026-25192 - CTEK Chargeportal Missing Authentication for Critical Function
CVE ID: CVE-2026-25192. Published: March 20, 2026, 11:16 p.m. | 1 hour ago. Description: WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation an
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]
CVE-2026-22898 - QVR Pro
CVE ID: CVE-2026-22898. Published: March 20, 2026, 5:16 p.m. | 59 minutes ago. Description: A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security d
CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks
An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administ
Critical Jenkins Vulnerabilities Expose CI/CD Servers to RCE Attacks
A critical security advisory addressing multiple high-severity vulnerabilities in Jenkins core and the LoadNinja plugin. Issued on March 18, 2026, the alert warns that these flaws could allow attackers to execute arbitra
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been c
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
CVE-2026-32950 - SQLBot: RCE via SQL Injection in Excel Upload Endpoint
CVE ID: CVE-2026-32950. Published: March 20, 2026, 5:16 a.m. | 59 minutes ago. Description: SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a criti
CVE-2026-32756 - Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module
CVE ID: CVE-2026-32756. Published: March 20, 2026, 12:16 a.m. | 1 hour, 59 minutes ago. Description: Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unrestricted file
CVE-2026-29103 - SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass
CVE ID: CVE-2026-29103. Published: March 19, 2026, 11:16 p.m. | 58 minutes ago. Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remot
CVE-2026-32194 - Microsoft Bing Images Remote Code Execution Vulnerability
CVE ID: CVE-2026-32194. Published: March 19, 2026, 9:21 p.m. | 53 minutes ago. Description: None. Severity: 9.8 | CRITICAL. Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-32169 - Azure Cloud Shell Elevation of Privilege Vulnerability
CVE ID: CVE-2026-32169. Published: March 19, 2026, 9:17 p.m. | 58 minutes ago. Description: Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a networ
CVE-2026-30402 - Apache WireGuard Code Execution Vulnerability
CVE ID: CVE-2026-30402. Published: March 19, 2026, 3:16 p.m. | 2 hours, 58 minutes ago. Description: An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as
Critical Microsoft SharePoint flaw now exploited in attacks
A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. [...]