ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Hackers Exploiting SonicWall SMA1000 0-day Vulnerability to Escalate Privileges
Security researchers have discovered a critical privilege escalation vulnerability in SonicWall’s SMA1000 appliance that attackers are actively exploiting to gain unauthorized administrative access. The vulnerability, tr
CVE-2025-64233 - WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability
CVE ID : CVE-2025-64233 Published : Dec. 18, 2025, 8:16 a.m. | 8 hours, 35 minutes ago Description : Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affec
China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear
The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances. The post China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear appeared first
CVE-2025-47372 - Buffer Copy Without Checking Size of Input in Boot
CVE ID : CVE-2025-47372 Published : Dec. 18, 2025, 6:15 a.m. | 36 minutes ago Description : Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. Sever
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Microsoft 365 Services Including Teams, Outlook and Copilot Outage Hits Users in Japan and China
Thousands of users in Japan and China faced widespread access and sign-in disruptions to Microsoft 365 and Copilot services early Thursday, stemming from a critical routing issue in the company’s infrastructure. Microsof
Zeroday Cloud hacking event awards $320,0000 for 11 zero days
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. [...]
CVE-2025-67787 - DriveLock Operations Center Cross Site Scripting (XSS)
CVE ID : CVE-2025-67787 Published : Dec. 17, 2025, 8:15 p.m. | 2 hours, 35 minutes ago Description : An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center a
CVE-2025-67165 - Pagekit CMS IDOR Privilege Escalation
CVE ID : CVE-2025-67165 Published : Dec. 17, 2025, 5:15 p.m. | 3 hours, 35 minutes ago Description : An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. Severity
CVE-2025-20393 - Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
CVE ID : CVE-2025-20393 Published : Dec. 17, 2025, 5:15 p.m. | 1 hour, 36 minutes ago Description : Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appro
CVE-2025-44005 - An attacker can bypass authorization checks and fo
CVE ID : CVE-2025-44005 Published : Dec. 17, 2025, 4:16 p.m. | 35 minutes ago Description : An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without compl
Critical React2Shell flaw exploited in ransomware attacks
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...]
Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges
Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability, identified a
CVE-2022-23851 - Netaxis API Orchestrator SSTI Vulnerability
CVE ID : CVE-2022-23851 Published : Dec. 17, 2025, 3:15 p.m. | 1 hour, 35 minutes ago Description : Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI). Severity: 9.8 | CRITICAL
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
CISA has officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025. Designating a critical deadline of December 23, 2025, for organizations to apply necessary remediation m
New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules
A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique extends prior
Russian state hackers targeted Western critical infrastructure for years, Amazon says
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) t
CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks
CISA issued a critical warning regarding a hardcoded cryptographic key vulnerability affecting Gladinet CentreStack and Triofox file management solutions. The vulnerability, tracked as CVE-2025-14611, poses significant
Chrome Zero-Day Vulnerabilities Exploited in 2025 – A Comprehensive Analysis
Throughout 2025, Google addressed a significant wave of actively exploited zero-day vulnerabilities affecting its Chrome browser, patching a total of eight critical flaws that threatened billions of users worldwide. Thes
NVIDIA Isaac Lab Vulnerability Let Attackers Execute Malicious Code
A critical security update addressing a dangerous deserialization vulnerability in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework. The flaw could allow attackers to execute arbitrary code on affected sys