ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keywords, CVE IDs and sources.
CVE-2025-15359 - DVP-12SE11T - Out-of-bound memory write Vulnerability
CVE ID : CVE-2025-15359 Published : Dec. 30, 2025, 9:07 a.m. | 29 minutes ago Description : DVP-12SE11T - Out-of-bound memory write Vulnerability Severity: 9.1 | CRITICAL Visit the link for more details, such as CVS
Hackers Exploit Copilot Studio’s New Connected Agents Feature to Gain Backdoor Access
Microsoft’s newly unveiled “Connected Agents” feature in Copilot Studio, announced at Build 2025, is creating a significant security vulnerability. Attackers are already exploiting it to gain unauthorized backdoor access to
CVE-2024-25181 - Givanz VvvebJs SSRF and Arbitrary File Reading Vulnerability
CVE ID : CVE-2024-25181 Published : Dec. 29, 2025, 8:15 p.m. | 21 hours, 21 minutes ago Description : A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forger
New Vulnerabilities in Bluetooth Headphones Let Hackers Hijack Connected Smartphone
Security researchers have disclosed critical vulnerabilities affecting widely used Bluetooth headphones and earbuds that could allow attackers to eavesdrop on conversations, steal sensitive data, and even hijack connecte
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. [.
MongoBleed Detector Tool Released to Detect MongoDB Vulnerability (CVE-2025-14847)
An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases. The vulnerability allows attack
OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks
OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting users from
MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk
A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being actively exploited in real-world attacks. MongoDB has disclosed CVE-2025
LangChain core vulnerability allows prompt injection and data exposure
A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in the LangChain ecosystem tha
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its creator Joe Desimone as a way to bleed
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older branches, the flaws stem f
CVE-2024-44065 - Cloudlog Blind SQL Injection
CVE ID : CVE-2024-44065 Published : Dec. 26, 2025, 5:15 p.m. | 3 hours, 42 minutes ago Description : Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search i
CVE-2025-13915 - Authentication bypass in IBM API Connect
CVE ID : CVE-2025-13915 Published : Dec. 26, 2025, 2:15 p.m. | 41 minutes ago Description : IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms an
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain
Critical LangChain Vulnerability Let Attackers Exfiltrate Sensitive Secrets from AI systems
A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discovered by a Cyata resea
Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash
A new critical vulnerability affecting the Net-SNMP software suite has been disclosed, posing a significant risk to network infrastructure worldwide. Tracked as CVE-2025-68615, this security flaw allows remote attackers
CVE-2025-68916 - Riello UPS NetMan 208 Remote File Inclusion Vulnerability
CVE ID : CVE-2025-68916 Published : Dec. 24, 2025, 8:16 p.m. | 41 minutes ago Description : Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with re
CVE-2025-3232 - Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
CVE ID : CVE-2025-3232 Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago Description : A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary
CVE-2019-25241 - FaceSentry Access Control System 6.4.8 Remote SSH Root Access
CVE ID : CVE-2019-25241 Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago Description : FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for t
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns
The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones and key components manufa