ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keywords, CVE IDs and sources.
CVE-2025-41709 - Command injection in power analyzer via Modbus-TCP and Modbus-RTU
CVE ID: CVE-2025-41709 Published: March 10, 2026, 8:26 a.m. | 48 minutes ago Description: [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] S
Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data
Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These
CVE-2026-30862 - Critical Stored XSS & Privilege Escalation in Appsmith
CVE ID: CVE-2026-30862 Published: March 9, 2026, 10:26 p.m. | 4 hours, 48 minutes ago Description: Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS
CVE-2026-25045 - Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
CVE ID: CVE-2026-25045 Published: March 9, 2026, 9:16 p.m. | 1 hour, 58 minutes ago Description: Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combinatio
CVE-2026-25737 - Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)
CVE ID: CVE-2026-25737 Published: March 9, 2026, 9:16 p.m. | 1 hour, 58 minutes ago Description: Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an
Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS
A serious security flaw has been found in ExifTool, a popular open-source tool used to read and edit image file metadata. Tracked as CVE-2026-3102, this vulnerability affects macOS systems and allows attackers to hide sh
Critical Nginx UI Vulnerabilities Allow Attacker to Download a Full System Backup
A newly discovered critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. Tracked as CVE-2026-27944, this flaw is categorized as CWE-306 and CWE-311, carrying a m
CVE-2025-41764 - Unchecked role in wwwupdate.cgi
CVE ID: CVE-2025-41764 Published: March 9, 2026, 8:17 a.m. | 55 minutes ago Description: Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upl
CVE-2026-3630 - Stack-based Buffer Overflow Vulnerability in COMMGR2
CVE ID: CVE-2026-3630 Published: March 9, 2026, 4:15 a.m. | 57 minutes ago Description: Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. Severity: 9.8 | CRITICAL Visit the link fo
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-2
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw carries a maximum severity rating, allowing unauthenticated attackers to
CVE-2026-30843 - Wekan has Cross-Board IDOR in Custom Fields Update Endpoints
CVE ID: CVE-2026-30843 Published: March 6, 2026, 8:16 p.m. | 34 minutes ago Description: Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Referenc
CVE-2026-28514 - Rocket.Chat: Users can login with any password via the EE ddp-streamer-service
CVE ID: CVE-2026-28514 Published: March 6, 2026, 6:16 p.m. | 34 minutes ago Description: Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.
CVE-2026-26288 - Everon api.everon.io Missing Authentication for Critical Function
CVE ID: CVE-2026-26288 Published: March 6, 2026, 4:16 p.m. | 34 minutes ago Description: WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation a
CVE-2026-26051 - Mobiliti e-mobi.hu Missing Authentication for Critical Function
CVE ID: CVE-2026-26051 Published: March 6, 2026, 3:16 p.m. | 1 hour, 34 minutes ago Description: WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station imperso
China-Nexus Hackers Attacking Telecommunication Providers With New Malware
A China-linked advanced persistent threat actor has been actively targeting telecommunications providers across South America since 2024, deploying three new malware implants to gain deep access into critical network inf
Amazon AWS-LC Vulnerabilities Allows Attackers to Bypass Certificate Chain Verification
A critical security bulletin addressing three distinct vulnerabilities in AWS-LC, its open-source, general-purpose cryptographic library. Published on March 2, 2026, the disclosure highlights a flaw that allows unauthent
WordPress Membership Plugin Vulnerability Let Attackers Create Admin Accounts
A critical security flaw, identified as CVE-2026-1492, has been found in the User Registration & Membership plugin for WordPress. This vulnerability allows unauthenticated attackers to bypass security controls and create
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different i
CVE-2026-2331 - CVE-2026-2331
CVE ID: CVE-2026-2331 Published: March 6, 2026, 8:16 a.m. | 1 hour, 28 minutes ago Description: An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine File