ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Zerobot Malware Exploiting Tenda Command Injection Vulnerabilities to Deploy Malware
A Mirai-based botnet campaign known as Zerobot has resurfaced with renewed force, this time targeting critical flaws in Tenda AC1206 routers and the n8n workflow automation platform. The campaign, now operating on its ni
Langflow’s AI CSV Agent Vulnerability Allows Remote Code Execution Attacks
A critical vulnerability in a popular AI application platform allows attackers to remotely execute harmful code through its CSV data-processing agent. The vulnerability, tracked as CVE-2026-27966, was recently disclosed
CVE-2026-26713 - Code-Projects Simple Food Order System SQL Injection
CVE ID : CVE-2026-26713 Published : March 2, 2026, 8:16 p.m. | 3 hours, 26 minutes ago Description : code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. Sever
PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation
A critical local privilege escalation (LPE) vulnerability affecting Microsoft Windows has recently come to light following the public release of a Proof-of-Concept (PoC) exploit. Tracked as CVE-2026-20817, this security
CVE-2026-26720 - Twenty CRM TypeScript Injection Vulnerability
CVE ID : CVE-2026-26720 Published : March 2, 2026, 4:16 p.m. | 1 hour, 21 minutes ago Description : An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts
DuckDuckGo Browser UXSS Flaw in Auto Consent JS Bridge Enables Cross-Origin Code Execution
A critical Universal Cross-Site Scripting (UXSS) vulnerability was recently discovered in the DuckDuckGo Android browser. This flaw allowed untrusted, cross-origin iframes to execute arbitrary JavaScript in the top-level
CVE-2026-23600 - HPE AutoPass License Server (APLS) Remote Authentication Bypass
CVE ID : CVE-2026-23600 Published : March 2, 2026, 3:16 p.m. | 21 minutes ago Description : A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). Severity: 10.0 | CRITICAL Vis
CISA Warns of RESURGE Malware Exploiting 0-Days to Breach Ivanti Connect Secure Devices
A newly discovered malware variant named RESURGE is actively targeting Ivanti Connect Secure devices by exploiting a critical zero-day vulnerability, prompting the U.S. Cybersecurity and Infrastructure Security Agency (C
CVE-2026-2584 - SQL Injection in Ciser System SL firmware
CVE ID : CVE-2026-2584 Published : March 2, 2026, 9:16 a.m. | 21 minutes ago Description : A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticat
Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests
A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to trick applications into sending unauthorized requests. Tracked as CVE-2026-27739, this Server-Side Request
CVE-2025-7544
Currently trending CVE - Hype Score: 4 - A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The
CVE-2026-2844 - TimePictra Authentication Bypass Vulnerability
CVE ID : CVE-2026-2844 Published : Feb. 28, 2026, 12:16 p.m. | 1 hour, 19 minutes ago Description : Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment M
CVE-2026-28409 - WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection
CVE ID : CVE-2026-28409 Published : Feb. 27, 2026, 10:16 p.m. | 1 hour, 19 minutes ago Description : WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) v
Critical Trend Micro Apex One Vulnerabilities Allows Malicious Code Execution
Trend Micro has released fixes for multiple Apex One vulnerabilities, ranging from High to Critical severity, including management console issues that can lead to remote code execution (RCE). The affected CVEs range from
Juniper issues emergency patch for critical PTX router RCE
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical
Juniper Networks PTX Routers Affected by Critical Vulnerability
An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902. The post Juniper Networks PTX Routers Affected by Critical Vulnerability appeared first on SecurityWeek
FreeBSD Vulnerability Allow Attackers to Crash the Entire System
Administrators must urgently patch a critical vulnerability that allows attackers to escape isolated jail environments. Tracked as CVE-2025-15576, the flaw enables a dangerous jailbreak condition despite often being asso
Juniper Networks PTX Vulnerability Enables Full Router Takeover
A major networking vendor has issued an out-of-cycle security bulletin to address a critical vulnerability in its Junos OS Evolved software, specifically affecting PTX Series platforms. This flaw, identified as CVE-2026-
Google API Keys Expose Private Data Silently Through Gemini
A critical privilege escalation vulnerability affecting Google Cloud API keys specifically how legacy public-facing keys now silently grant unauthorized access to Google’s Gemini AI endpoints, exposing private files, cac
CVE-2026-27028 - Mobility46 mobility46.se Missing Authentication for Critical Function
CVE ID : CVE-2026-27028 Published : Feb. 27, 2026, 1:16 a.m. | 1 hour, 33 minutes ago Description : WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impers