ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
[Critical] CVE-2026-9559 – A path traversal vulnerability exists in the campaign import feature of Mautic 7...
Critical CVE-2026-9559 A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to esc
[Critical] CVE-2025-41277 – Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...
Critical CVE-2025-41277 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in ver
[Critical] CVE-2025-41273 – Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Altern...
Critical CVE-2025-41273 Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that all
Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products
Oracle has rolled out its first Critical Security Patch Update (CSPU), delivering 35 new security fixes for serious vulnerabilities across several major product lines, including Oracle Database, Oracle REST Data Services
[Critical] CVE-2026-49201 – The upload.cgi binary, responsible for processing device backups, contains a har...
Critical CVE-2026-49201 The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating p
[Critical] CVE-2026-9558 – A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme e...
Critical CVE-2026-9558 A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated
Chrome 148 Update Patches 151 Vulnerabilities
The browser update resolves critical-severity security defects that could potentially lead to remote code execution. The post Chrome 148 Update Patches 151 Vulnerabilities appeared first on SecurityWeek.
[Critical] CVE-2026-49199 – Crafted MQTT messages can trigger command injection, resulting in root-level cod...
Critical CVE-2026-49199 Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. CVSS: 10.0 · CWE: CWE-77
[Critical] CVE-2026-49200 – The acer_cgi.log file in the device firmware is accessible without authenticatio...
Critical CVE-2026-49200 The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorize
[Critical] CVE-2026-49197 – Web endpoints intended for the Acer Connect app improperly validate the HTTP Aut...
Critical CVE-2026-49197 Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. CVSS: 10.0 · CWE: CWE-287
CVE-2026-49199 - Predator Connect W6x: RCE via MQTT
CVE ID: CVE-2026-49199 Published: May 29, 2026, 8:38 a.m. | 32 minutes ago Description: Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. Severity
CVE-2026-49197 - Predator Connect W6x: Improper Authentication
CVE ID: CVE-2026-49197 Published: May 29, 2026, 8:24 a.m. | 46 minutes ago Description: Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests
[Critical] CVE-2026-3655 – The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulner...
Critical CVE-2026-3655 The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the
[Critical] CVE-2026-8732 – The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via A...
Critical CVE-2026-8732 The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax
Critical Samba Vulnerability Enables Remote Code Execution Attacks
A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a ma
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stab
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production en
Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff
A growing wave of vishing (voice phishing) campaigns in which threat actors abuse Microsoft Teams’ external collaboration features to impersonate IT helpdesk personnel and investigators is now turning to the Microsoft 36
[High] CVE-2026-7480 – An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS S...
High CVE-2026-7480 An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC
[High] CVE-2026-8070 – Incorrect permission assignment for a critical resource in Armoury Crate allows ...
High CVE-2026-8070 Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical mem