ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
[High] CVE-2026-5768 – The Frontier X2 device allows unauthenticated BLE read/write access to critical ...
High CVE-2026-5768 The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to
CVE-2026-5386 - KMW CCTV Security Cameras Unverified Password Change
CVE ID: CVE-2026-5386 Published: May 29, 2026, 6:17 p.m. | 54 minutes ago Description: The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attack
CVE-2026-5768 - Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function
CVE ID: CVE-2026-5768 Published: May 29, 2026, 6:17 p.m. | 54 minutes ago Description: The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing
[Critical] CVE-2026-45630 – Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and ear...
Critical CVE-2026-45630 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner use
[Critical] CVE-2026-45633 – Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and ear...
Critical CVE-2026-45633 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail
[Critical] CVE-2026-45661 – Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and ear...
Critical CVE-2026-45661 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arb
[Critical] CVE-2026-45668 – Trilium Notes is a cross-platform, hierarchical note taking application focused ...
Critical CVE-2026-45668 Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enab
CVE-2026-45661 - Dokploy: Remote Code Execution through Path Traversal
CVE ID: CVE-2026-45661 Published: May 29, 2026, 6:17 p.m. | 54 minutes ago Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability
[Critical] CVE-2026-44962 – Plesk contains an XPath injection vulnerability in the APS Application Catalog s...
Critical CVE-2026-44962 Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This
[Critical] CVE-2026-4290 – The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion ...
Critical CVE-2026-4290 The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0.
[Critical] CVE-2026-10042 – manga-image-translator contains a remote code execution vulnerability in the sha...
Critical CVE-2026-10042 manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execut
[Critical] CVE-2026-46376 – FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, una...
Critical CVE-2026-46376 FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials
[Critical] CVE-2026-8326 – Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) Spar...
Critical CVE-2026-8326 Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected componen
[Critical] CVE-2026-9508 – Incorrect permission settings on a critical resource in Suprema BioStar 2 (versi...
Critical CVE-2026-9508 Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path
CVE-2026-9508 - Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar
CVE ID: CVE-2026-9508 Published: May 29, 2026, 1:16 p.m. | 1 hour, 55 minutes ago Description: Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow b
[Critical] CVE-2026-45312 – RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0...
Critical CVE-2026-45312 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticate
Gogs Zero-Day Exposes Servers to Remote Code Execution
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
[Critical] CVE-2026-9559 – A path traversal vulnerability exists in the campaign import feature of Mautic 7...
Critical CVE-2026-9559 A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to esc
[Critical] CVE-2025-41277 – Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...
Critical CVE-2025-41277 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in ver
[Critical] CVE-2025-41273 – Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Altern...
Critical CVE-2025-41273 Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that all