ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on t
Threat Actors Exploit Apache ActiveMQ Server Vulnerability to Gain RDP Access and Deploy LockBit Ransomware
A critical vulnerability in Apache ActiveMQ has been actively exploited by threat actors, leading to a full LockBit ransomware deployment across an enterprise network. Attackers leveraged CVE-2023-46604, a remote code ex
CVE-2026-27641 - Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
CVE ID : CVE-2026-27641 Published : Feb. 25, 2026, 4:16 a.m. | 32 minutes ago Description : Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions pr
CVE-2026-27822 - Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
CVE ID : CVE-2026-27822 Published : Feb. 25, 2026, 3:16 a.m. | 1 hour, 32 minutes ago Description : RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scr
SolarWinds patches four critical Serv-U flaws enabling root access
SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities that allow remote code exe
New Deserialization Vulnerability in Ruby Workers Could Enable Full System Compromise
A critical Remote Code Execution (RCE) vulnerability has been identified in a Ruby background job processing system. The flaw stems from unsafe JSON deserialization, which allows untrusted input to be transformed into ex
Critical SolarWinds Serv-U flaws offer root access to servers
SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. [...]
PoC Exploit Released for Grandstream GXP1600 VoIP Phones RCE Vulnerability
A critical zero-day vulnerability, tracked as CVE-2026-2329, is affecting Grandstream’s GXP1600 series VoIP desk phones. The issue is an unauthenticated stack-based buffer overflow that can be exploited remotely to achie
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vu
CISA Warns of Multiple Roundcube Vulnerabilities Exploited in Attacks
CISA has officially updated its Known Exploited Vulnerabilities (KEV) Catalog to include new security flaws affecting a popular webmail platform. On February 20, 2026, the agency added two critical vulnerabilities found
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
CVE-2026-27197 - Sentry: Improper Authentication on SAML SSO process allows user identity linking
CVE ID : CVE-2026-27197 Published : Feb. 21, 2026, 5:17 a.m. | 1 hour, 27 minutes ago Description : Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a cr
CVE-2025-71243
Currently trending CVE - Hype Score: 4 - The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this v
CVE-2026-2333 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds
CVE ID : CVE-2026-2333 Published : Feb. 20, 2026, 5:25 p.m. | 37 minutes ago Description : Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injecti
CVE-2026-26102 - Incorrect Permission Assignment for Critical Resource in Owl opds
CVE ID : CVE-2026-26102 Published : Feb. 20, 2026, 5:25 p.m. | 37 minutes ago Description : Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network requ
CVE-2026-24790 - Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
CVE ID : CVE-2026-24790 Published : Feb. 20, 2026, 5:25 p.m. | 37 minutes ago Description : The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication. Severity: 8.2 | HI
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions,
Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks
Security Advisory has revealed multiple vulnerabilities in Jenkins Core, including a stored Cross-Site Scripting (XSS) flaw that could expose build environments to severe security risks. The issues, identified as CVE-202
Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments
Three critical vulnerabilities have been found in four popular Visual Studio Code extensions. These extensions have been downloaded over 128 million times. The vulnerabilities are identified as CVE-2025-65715, CVE-2025-6
PoC Released for Critical Chrome 0-day Vulnerability Exploited in the Wild
A public proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome’s Blink CSS engine that Google confirmed is being actively exploited in the wild. S