ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Critical MongoDB Vulnerability Exposes Sensitive Data via Zlib Compression
A critical security vulnerability, tracked as CVE-2025-14847, that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw resides in MongoDB’s zlib compression i
Ransomware Attack on Romanian Waters Authority – 1,000+ IT Systems Compromised
Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025. That compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional wa
Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours
A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 64.6% success rate ac
CVE-2025-51511 - Cadmium CMS File Upload Vulnerability
CVE ID : CVE-2025-51511 Published : Dec. 23, 2025, 6:15 p.m. | 2 hours, 41 minutes ago Description : Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads. Sev
CVE-2024-57521 - RuoYi SQL Injection Remote Code Execution
CVE ID : CVE-2024-57521 Published : Dec. 23, 2025, 5:15 p.m. | 3 hours, 41 minutes ago Description : SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the c
CVE-2025-29228 - Linksys E5600 Command Injection Vulnerability
CVE ID : CVE-2025-29228 Published : Dec. 23, 2025, 5:15 p.m. | 3 hours, 41 minutes ago Description : Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
CVE-2025-29229 - Linksys E5600 Remote Command Injection Weakness
CVE ID : CVE-2025-29229 Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 41 minutes ago Description : linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. Severity: 9.8 | CRITICAL Vis
Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026
Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams. According to a new administrative update, the company will swit
CVE-2025-50526 - Netgear EX8000 Command Injection
CVE ID : CVE-2025-50526 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 40 minutes ago Description : Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function
CVE-2025-67108 - eProsima Fast-DDS Data Validation Vulnerability
CVE ID : CVE-2025-67108 Published : Dec. 23, 2025, 4:16 p.m. | 40 minutes ago Description : eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communicati
Critical n8n flaw could enable arbitrary code execution
A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as CVE-2025-68613 (CVSS score
Critical n8n Automation Platform Vulnerability Enables RCE Attacks – 103,000+ Instances Exposed
A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a
Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios
A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC). That could potentially enable remote code execution through specially crafted JPEG files. Howeve
PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution
Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164, carries a maximum CVS
CISA Adds Digiever Authorization Vulnerability to KEV List Following Active Exploitation
A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild.
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, track
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Cove
Romanian Waters confirms cyberattack, critical water operations unaffected
Romania’s national water management authority, Romanian Waters, was hit by a ransomware attack over the weekend. Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, suffered
CVE-2025-67288 - Umbraco CMS PDF File Upload Remote Code Execution
CVE ID : CVE-2025-67288 Published : Dec. 22, 2025, 7:15 p.m. | 1 hour, 40 minutes ago Description : An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploadin
Sleeping Bouncer Vulnerability Impacts Motherboards from Gigabyte, MSI, ASRock and ASUS
A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their ongoing investigation into gaming