ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)
Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw und
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial acces
Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation
A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2025-9142, the flaw a
Chrome Security Update Patches Background Fetch API Vulnerability
Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API. The update is rolling out across Windows, Mac, and Lin
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9
Fortinet Confirms Critical FortiCloud SSO Vulnerability (CVE-2026-24858) Actively Exploited in the Wild
Fortinet has confirmed a critical authentication bypass vulnerability in its FortiCloud SSO feature, actively exploited in the wild under CVE-2026-24858. According to an advisory published on January 27, 2026, the flaw a
Google Warns of WinRAR Vulnerability Exploited to Gain Control Over Windows System
A critical security flaw in WinRAR, one of the most widely used file compression tools for Windows, has become a favorite weapon for attackers seeking unauthorized access to computer systems. The vulnerability, tracked a
Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code
A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), aff
CVE-2026-24841 - Dokploy Vulnerable to Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint
CVE ID : CVE-2026-24841 Published : Jan. 28, 2026, 1:16 a.m. | 32 minutes ago Description : Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vuln
CVE-2025-14988 - Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA
CVE ID : CVE-2025-14988 Published : Jan. 27, 2026, 8:16 p.m. | 1 hour, 32 minutes ago Description : A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCl
CVE-2026-24832 - Out-of-bounds write in ixray-1.6-stcop
CVE ID : CVE-2026-24832 Published : Jan. 27, 2026, 4:16 p.m. | 1 hour, 32 minutes ago Description : Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3. Seve
CVE-2026-24872 - Pointer arithmetic error in SkyFire_548
CVE ID : CVE-2026-24872 Published : Jan. 27, 2026, 4:16 p.m. | 1 hour, 32 minutes ago Description : Improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548. This issue affects SkyFire_548: before 5.4.
CVE-2026-24874 - Type confusion in xray-monolith
CVE ID : CVE-2026-24874 Published : Jan. 27, 2026, 4:16 p.m. | 1 hour, 32 minutes ago Description : Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith. This issu
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2
Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors
Threat actors have started targeting companies in the insurance, e-commerce, and IT sectors through a critical vulnerability tracked as CVE-2025-55182, commonly known as React2Shell. This flaw exists in the Flight protoc
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are
CVE-2026-1470 - Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n’s main node.
CVE ID : CVE-2026-1470 Published : January 27, 2026 15:15 | 32 minutes ago Description : n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions suppl
Critical sandbox escape flaw discovered in popular vm2 NodeJS library
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. [...]
CVE-2026-24830 - Integer Overflow or Wraparound in IronOS
CVE ID : CVE-2026-24830 Published : Jan. 27, 2026, 9:28 a.m. | 19 minutes ago Description : Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2. Severity: 9.8 | CR