ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware
An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. Cisco disclosed the flaw on March 4, 2026;
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS scor
ScreenConnect Vulnerability Allows Hackers to Extract Unique Machine Keys and Hijack Sessions
ConnectWise has issued an urgent security advisory for its ScreenConnect remote desktop software, disclosing a critical cryptographic vulnerability that could allow unauthenticated attackers to extract server-level machi
CVE-2026-25449 - WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability
CVE ID :CVE-2026-25449 Published : March 18, 2026, 1:12 p.m. | 1 hour ago Description :Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: fro
Critical Telnetd Vulnerability Enables Remote Attacker to Execute Arbitrary Code via Port 23
A critical buffer overflow vulnerability in the GNU Inetutils telnetd daemon. Tracked as CVE-2026-32746, this flaw allows an unauthenticated remote attacker to execute arbitrary code and gain root access to affected syst
Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute a
CVE-2026-22730 - CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter
CVE ID :CVE-2026-22730 Published : March 18, 2026, 7:36 a.m. | 35 minutes ago Description :A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated
CISA Warns of Wing FTP Server Vulnerability Exploited in Attacks
A high-priority alert has been issued for a critical vulnerability in Wing FTP Server, added to the Known Exploited Vulnerabilities (KEV) catalog on March 16, 2026. This addition confirms that malicious actors are active
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks
An urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indic
Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability
Microsoft has announced a two-phase plan to disable the hands-free deployment feature in Windows Deployment Services (WDS) following the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-20
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets
The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls. The post Critical HPE AOS-CX Vulnerability Allows Admin Password Resets appeared first on SecurityWeek.
Critical LangSmith Account Takeover Vulnerability Puts Users at Risk
Miggo Security researchers have identified a critical vulnerability in LangSmith, tracked as CVE-2026-25750, that exposes users to potential token theft and complete account takeover. As a central hub for debugging and m
CVE-2025-13779 - ABB AWIN GW100/GW120 Authentication Bypass
CVE ID :CVE-2025-13779 Published : March 13, 2026, 2:20 p.m. | 55 minutes ago Description :Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as fol
CVE-2026-3611 - Honeywell IQ4x BMS Controller Missing authentication for critical function
CVE ID :CVE-2026-3611 Published : March 12, 2026, 8:06 p.m. | 1 hour, 9 minutes ago Description :The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its facto
CVE-2025-70245 - D-Link DIR-513 Buffer Overflow
CVE ID :CVE-2025-70245 Published : March 12, 2026, 7:16 p.m. | 23 hours, 59 minutes ago Description :Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSele
CVE-2026-21708 - Postgres Backup Viewer Remote Code Execution (RCE)
CVE ID :CVE-2026-21708 Published : March 12, 2026, 5:16 p.m. | 1 hour, 59 minutes ago Description :A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. Severity:
Veeam warns of critical flaws exposing backup servers to RCE attacks
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. [...]