ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CVE-2026-24811 - An improper pointer arithmetic in root-project/root at builtins/zlib/inffast.c
CVE ID : CVE-2026-24811 Published : Jan. 27, 2026, 9:15 a.m. | 32 minutes ago Description : Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. T
CVE-2026-24812 - An improper pointer arithmetic in root-project/root at builtins/zlib/inftrees.c
CVE ID : CVE-2026-24812 Published : Jan. 27, 2026, 9:15 a.m. | 32 minutes ago Description : Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C.
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. [...]
Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published
A critical vulnerability has been identified in the PyPI-distributed version of PLY (Python Lex-Yacc) 3.11, allowing arbitrary code execution through unsafe deserialization of untrusted pickle files. The vulnerability, a
Multiple Vulnerabilities in React Server Components Enable DoS Attacks
Multiple critical security vulnerabilities have recently been disclosed in React Server Components, enabling threat actors to launch Denial-of-Service (DoS) attacks against vulnerable servers. The flaws, tracked as CVE-2
CVE-2026-22696 - dcap-qvl has Missing Verification for QE Identity
CVE ID : CVE-2026-22696 Published : Jan. 26, 2026, 10:15 p.m. | 1 hour, 31 minutes ago Description : dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability pres
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses
CVE-2025-70982 - SpringBlade Unprivileged User Data Import Vulnerability
CVE ID : CVE-2025-70982 Published : Jan. 26, 2026, 5:16 p.m. | 2 hours, 31 minutes ago Description : Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges
800K+ GNU InetUtils telnetd Instances Exposed to RCE Attacks – PoC Released
A critical authentication bypass vulnerability in the telnetd component of GNU Inetutils has exposed approximately 800,000 internet-accessible Telnet instances to unauthenticated remote code execution (RCE). Tracked as C
MITRE Releases New Cybersecurity Framework to Protect the Embedded Systems
A new Embedded Systems Threat Matrix™ (ESTM) framework was introduced to help secure embedded systems used in critical infrastructure and defense technologies across the U.S. Developed collaboratively with the Air Force’
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. [...
Apache Hadoop Vulnerability Exposes Systems Potential Crashes or Data Corruption
A moderate-severity vulnerability in the Hadoop Distributed File System (HDFS) native client could allow attackers to trigger system crashes or corrupt critical data through maliciously crafted URI inputs. The vulnerabil
New Instagram Vulnerability Exposes Private Instagram Posts to Anyone
A critical server-side vulnerability in Instagram’s infrastructure allowed unauthenticated attackers to access private photos and captions without a login or follower relationship, according to a disclosure released this
Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware
Late December 2025 brought alarming news to Poland as its energy infrastructure became the target of what security experts describe as the country’s largest cyberattack in years. The Russian-aligned Sandworm group, known
CISA says critical VMware RCE flaw now actively exploited
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. [...]
2024 VMware Flaw Now in Attackers’ Crosshairs
The critical-severity vulnerability can be exploited via crafted network packets for remote code execution. The post 2024 VMware Flaw Now in Attackers’ Crosshairs appeared first on SecurityWeek.
CISA Warns of Critical VMware vCenter RCE Vulnerability Now Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV
Hackers Exploiting telnetd Vulnerability for Root Access – Public PoC Released
Active exploitation of a critical authentication bypass vulnerability in the GNU InetUtils telnetd server (CVE-2026-24061) has been observed in the wild, allowing unauthenticated attackers to gain root access to Linux sy
11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU Ine