ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Critical Ivanti Endpoint Manager 0-day RCE Vulnerabilities Actively Exploited in Attacks
Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-
Ivanti Patches Exploited EPMM Zero-Days
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
Wireshark 4.6.3 Released Fix for Vulnerabilities that Lead to DoS Attack and Crashes
The Wireshark Foundation has officially released Wireshark 4.6.3, the latest update to the world’s most popular network protocol analyzer. This release is critical for network administrators, security analysts, and devel
CVE-2026-24728 - Interinfo DreamMaker - Missing Authentication for Critical Function
CVE ID : CVE-2026-24728 Published : Jan. 30, 2026, 5:16 a.m. | 33 minutes ago Description : A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versi
CVE-2026-1281 - Ivanti Endpoint Manager Mobile Code Injection Vulnerability
CVE ID : CVE-2026-1281 Published : Jan. 29, 2026, 10:15 p.m. | 1 hour, 34 minutes ago Description : A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code executio
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabili
CVE-2026-1453 - Missing Authentication for Critical Function in KiloView Encoder Series
CVE ID : CVE-2026-1453 Published : Jan. 29, 2026, 7:16 p.m. | 33 minutes ago Description : A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacke
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. [...]
CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical authentication bypass vulnerability in multiple Fortinet products, actively exploited in the wild. Tracked as CVE-202
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code
SolarWinds Patches Critical Web Help Desk Vulnerabilities
The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek.
Hackers Exploiting FreePBX Vulnerability to Deploy Webshell and Gain Control of Systems
A sophisticated attack campaign leveraging a critical FreePBX vulnerability to deploy a persistent webshell dubbed “EncystPHP,” enabling threat actors to gain complete administrative control over compromised VoIP systems
Nation-state and criminal actors leverage WinRAR flaw in attacks
Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including A
Critical IDIS IP Cameras One-Click Vulnerability Leads to full Compromise of Victim’s Computer
A severe security flaw in IDIS IP cameras has emerged, allowing attackers to gain complete control over a victim’s computer with just one click. The vulnerability, tracked as CVE-2025-12556, targets the IDIS Cloud Manage
eScan Antivirus Update Server Hacked to Push Malicious Update packages
A critical supply chain compromise affecting MicroWorld Technologies’ eScan antivirus product, wherein threat actors successfully hijacked the vendor’s legitimate update infrastructure to distribute malware. Discovered o
Critical Solarwinds Web Vulnerability Allows Remote Code Execution and Security Bypass
Multiple critical vulnerabilities in SolarWinds Web Help Desk (WHD), culminating in unauthenticated remote code execution (RCE) via Java deserialization in CVE-2025-40551, were uncovered by Horizon3.ai researchers. These
CVE-2026-24835 - Podman Desktop Extension System Vulnerable to Authentication Bypass
CVE ID : CVE-2026-24835 Published : Jan. 28, 2026, 9:16 p.m. | 32 minutes ago Description : Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerabilit
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerabi
TP-Link Archer Vulnerability Let Attackers Take Control Over the Router
A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execute arbitrary system
Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a m