ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
A critical vulnerability in BeyondTrust’s remote support software is being actively exploited by hackers to deliver dangerous backdoors on compromised systems. The flaw, tracked as CVE-2026-1731, carries a CVSS score of
CVE-2026-26967 - PJSIP has a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer
CVE ID : CVE-2026-26967 Published : Feb. 20, 2026, 1:15 a.m. | 46 minutes ago Description : PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critica
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]
CVE-2025-71243 - SPIP Saisies Plugin < 5.11.1 Remote Code Execution
CVE ID : CVE-2025-71243 Published : Feb. 19, 2026, 2:58 p.m. | 1 hour, 4 minutes ago Description : The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code
CISA Warns of Honeywell CCTV Products Vulnerability Leads to Account Takeovers
A critical advisory warning regarding a severe vulnerability affecting Honeywell CCTV products, published on February 17, 2026, under advisory ICSA-26-048-04. The alert details a high-severity security flaw that could al
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeyw
CVE-2025-8350 - Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
CVE ID : CVE-2025-8350 Published : Feb. 19, 2026, 11:30 a.m. | 32 minutes ago Description : Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Se
Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover
A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for arbitrary users. The flaw, tracked as CVE-2025-61928, affects all version
CVE-2026-25548 - InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning
CVE ID : CVE-2026-25548 Published : Feb. 18, 2026, 11:16 p.m. | 46 minutes ago Description : InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code E
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. [...]
CVE-2025-14009 - Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution
CVE ID : CVE-2025-14009 Published : Feb. 18, 2026, 6:24 p.m. | 1 hour, 38 minutes ago Description : A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_ite
CVE-2025-70149 - CodeAstro Membership Management System SQL Injection Vulnerability
CVE ID : CVE-2025-70149 Published : Feb. 18, 2026, 5:21 p.m. | 2 hours, 41 minutes ago Description : CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID pa
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2
CVE-2025-65791 - ZoneMinder Command Injection Vulnerability
CVE ID : CVE-2025-65791 Published : Feb. 18, 2026, 4:22 p.m. | 1 hour, 40 minutes ago Description : ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized use
16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration
16 zero-day vulnerabilities, including critical OS Command Injection, DOM-based XSS, SSRF, and Path Traversal flaws across Apryse WebViewer (formerly PDFTron) and Foxit PDF cloud services, affecting millions of enterpris
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected
Single-Character Typo of “&” Instead of “|” Leads to 0-Day RCE in Firefox
A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly garbage collection code, where a developer mistakenly type
Microsoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks
A critical vulnerability discovered in Microsoft’s popular Visual Studio Code (VS Code) Live Preview extension, downloaded over 11 million times, exposes developers to one-click cross-site scripting (XSS) and local file
Critical Windows Admin Center Vulnerability Allows Privilege Escalation
A critical security update addressing a high‑severity elevation of privilege vulnerability in Windows Admin Center (WAC), identified as CVE‑2026‑26119. The flaw, rated CVSS 8.8 (Critical), stems from improper authenticat
Dell 0-Day Vulnerability Exploited by Chinese Hackers since mid-2024 to Deploy Malware
A critical zero-day exploitation campaign targeting Dell RecoverPoint for Virtual Machines. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSSv3.1 score of 10.0 and has been under active exploitation si