ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation
A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administra
CVE-2025-70983 - SpringBlade Authentication Privilege Escalation Vulnerability
CVE ID : CVE-2025-70983 Published : Jan. 23, 2026, 7:15 p.m. | 2 hours, 22 minutes ago Description : Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges
CVE-2025-70985 - RuoYi Arbitrary Data Modification Vulnerability
CVE ID : CVE-2025-70985 Published : Jan. 23, 2026, 7:15 p.m. | 2 hours, 21 minutes ago Description : Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify
Hackers exploit critical telnetd auth bypass flaw to get root
A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. [...]
HPE Alletra and Nimble Storage Vulnerability Grants Admin Access to Remote Attacker
A critical privilege escalation vulnerability affecting multiple storage platforms could allow remote attackers to gain administrative access without physical interaction. The flaw, tracked as CVE-2026-23594, impacts HPE
Fortinet confirms critical FortiCloud auth bypass not fully patched
Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have alrea
CVE-2026-24304 - Azure Resource Manager Elevation of Privilege Vulnerability
CVE ID : CVE-2026-24304 Published : Jan. 23, 2026, 2:15 a.m. | 1 hour, 20 minutes ago Description : Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-24307 - M365 Copilot Information Disclosure Vulnerability
CVE ID : CVE-2026-24307 Published : Jan. 22, 2026, 11:15 p.m. | 20 minutes ago Description : Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over
CVE-2026-24305 - Azure Entra ID Elevation of Privilege Vulnerability
CVE ID : CVE-2026-24305 Published : Jan. 22, 2026, 11:15 p.m. | 20 minutes ago Description : Azure Entra ID Elevation of Privilege Vulnerability Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS
CVE-2026-24306 - Azure Front Door Elevation of Privilege Vulnerability
CVE ID : CVE-2026-24306 Published : Jan. 22, 2026, 11:15 p.m. | 20 minutes ago Description : Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. Sev
CVE-2025-54816 - EVMAPA Missing Authentication for Critical Function
CVE ID : CVE-2025-54816 Published : Jan. 22, 2026, 11:15 p.m. | 20 minutes ago Description : This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorize
CVE-2026-24058 - Soft Serve has Critical Authentication Bypass
CVE ID : CVE-2026-24058 Published : Jan. 22, 2026, 10:16 p.m. | 1 hour, 19 minutes ago Description : Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authenticat
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring
Hackers Hijacking Snap Domains to Posion Linux Software Packages for Desktops and Servers
Security vulnerabilities in the Canonical Snap Store have reached a critical level as attackers continue to distribute malicious software through the popular Linux package repository. Scammers are deploying fraudulent cr
Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild
A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-
Critical SmarterMail vulnerability under attack, no CVE yet
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects d
Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code injection
A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript code if untrusted input is
Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments
Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud c
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively