ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CVE-2026-21624 - Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
CVE ID : CVE-2026-21624 Published : Jan. 16, 2026, 3:15 p.m. | 14 minutes ago Description : Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss componen
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assesse
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities.
China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug
Cisco fixed a maximum severity AsyncOS flaw in Secure Email products, previously exploited as a zero-day by China-linked APT group UAT-9686. Cisco fixed a critical AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score of 1
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unaut
Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a critical Modular DS WordPress vulnerability tracked as C
Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks
The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risk
New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories
A critical misconfiguration in AWS CodeBuild enabled unauthenticated attackers to seize control of key AWS-owned GitHub repositories, including the widely used AWS JavaScript SDK powering the AWS Console itself. This sup
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. [...]
CVE-2025-62581 - DIAView - Authentication Bypass Vulnerability
CVE ID : CVE-2025-62581 Published : Jan. 16, 2026, 2:20 a.m. | 1 hour, 8 minutes ago Description : Delta Electronics DIAView has multiple vulnerabilities. Severity: 9.8 | CRITICAL Visit the link for more details, su
CVE-2025-62582 - DIAView - Authentication Bypass Vulnerability
CVE ID : CVE-2025-62582 Published : Jan. 16, 2026, 2:03 a.m. | 1 hour, 25 minutes ago Description : Delta Electronics DIAView has multiple vulnerabilities. Severity: 9.8 | CRITICAL Visit the link for more details, s
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environ
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been
CVE-2026-23527 - Request Smuggling (TE.TE) in h3 v1
CVE ID : CVE-2026-23527 Published : Jan. 15, 2026, 8:16 p.m. | 1 hour, 14 minutes ago Description : H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTT
Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks
Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execut
Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features
Critical security updates addressing CVE-2026-20824, a protection mechanism failure in Windows Remote Assistance that permits attackers to circumvent the Mark of the Web (MOTW) defense system. The vulnerability was discl
CVE-2026-22907 - Apache Server Filesystem Access Vulnerability
CVE ID : CVE-2026-22907 Published : Jan. 15, 2026, 1:16 p.m. | 14 minutes ago Description : An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. S
CVE-2026-22908 - Apache Docker Image Injection Vulnerability
CVE ID : CVE-2026-22908 Published : Jan. 15, 2026, 1:16 p.m. | 14 minutes ago Description : Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising
New Vulnerability in n8n
This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official work
Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack any User Account
A critical authentication bypass vulnerability in Cal.com’s scheduling platform enables attackers to hijack any user account by exploiting a flaw in the NextAuth JWT callback mechanism. Tracked as CVE-2026-23478, this vu