ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keyword, CVE ID, and source.
Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds
A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, rais
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVS
Cisco IOS XR Software Vulnerability Allow Attacker to Execute Commands as Root
Cisco has issued a high-severity security advisory warning organizations about two critical privilege-escalation vulnerabilities in its IOS XR Software. If exploited, these flaws could allow an authenticated, local attac
Splunk RCE Vulnerability Allows Attackers to Execute Arbitrary Shell Commands
A critical security advisory has been released, warning users of a high-severity vulnerability affecting both Enterprise and Cloud platforms. Tracked as CVE-2026-20163, this flaw carries a CVSS score of 8.0. It enables a
Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks
On March 10, 2026, Microsoft released security updates to address a critical vulnerability in its widely used Office suite. Tracked as CVE-2026-26110, this security flaw allows an unauthorized attacker to execute malicio
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. T
CVE-2026-31896 - WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php
CVE ID: CVE-2026-31896 Published: March 11, 2026, 8:16 p.m. | 59 minutes ago Description: WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists i
CVE-2026-27478 - Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation
CVE ID: CVE-2026-27478 Published: March 11, 2026, 8:16 p.m. | 59 minutes ago Description: Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulne
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilitie
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CV
CVE-2026-3826 - WellChoose|IFTOP - Local File Inclusion
CVE ID: CVE-2026-3826 Published: March 11, 2026 06:38 | 36 minutes ago Description: IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbit
CVE-2026-24448 - "MR-GM5L-S1 and MR-GM5A-L1 Hard-Coded Credentials Vulnerability"
CVE ID: CVE-2026-24448 Published: March 11, 2026 06:17 | 57 minutes ago Description: Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative acc
CVE-2026-27842 - Cisco MR-GM Authentication Bypass Vulnerability
CVE ID: CVE-2026-27842 Published: March 11, 2026 06:17 | 57 minutes ago Description: Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change
Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects
A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity
Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges
Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-20
Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation
Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate
Cloudflare Pingora Vulnerabilities Allows Request Smuggling & Cache Poisoning Attacks
Cloudflare has released version 0.8.0 of its open-source Pingora framework to patch three critical vulnerabilities: CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These flaws allow HTTP request smuggling and cache pois
Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections
A critical flaw in how antivirus and Endpoint Detection and Response (EDR) systems process archive files. Tracked as CVE-2026-0866, this weakness allows attackers to use intentionally malformed ZIP headers to sneak malic
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities
A code injection bug in FS-QUO and an insecure deserialization flaw in NetWeaver could lead to arbitrary code execution. The post SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities appeared first on SecurityWeek.
SAP Security Update – Patch for Multiple Vulnerabilities that Enable Remote Code Execution
SAP released 15 new security notes on its March 2026 Patch Day, addressing a range of vulnerabilities across its product portfolio, including two critical-rated flaws that could enable remote code execution and complete