ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS sc
Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotely. The flaw, tracked
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalati
Hackers Exploit Critical Yearn Finance’s yETH Pool Vulnerability to Steal $9 Million in Ethereum
The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025. The attacker executed a highly sophisticated e
Critical King Addons Vulnerability Exploited to Hack WordPress Sites
A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared fir
CISA Warns of Android 0-Day Vulnerability Exploited in Attacks
CISA has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The vulnerabilities affect the Android OS and pose significant risk
MuddyWater Attacks Critical Infrastructure With Custom Malware and Improved Tactics
MuddyWater, an Iran-aligned cyberespionage group also known as Mango Sandstorm, has launched a new, highly targeted campaign against critical infrastructure in Israel and Egypt. Active from September 2024 through March 2
Microsoft Confirms Windows 11 25H2 UI Features Broken Along With 24H2 Following Update
Microsoft has officially confirmed a critical issue affecting enterprise and managed environments running Windows 11 versions 24H2 and 25H2. The bug, first triggered by cumulative updates released in July 2025, causes wi
Microsoft Silently Mitigated Exploited LNK Vulnerability
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code. The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.
Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control
A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has left thousands of websites at risk of complete takeover, security researchers have warned. The vulnerability, tracked as CVE-2025-8
Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files
A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s built-in security sanitization m
Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control
A serious vulnerability has been discovered in the King Addons for Elementor WordPress plugin, affecting more than 10,000 active installations worldwide. The flaw allows unauthenticated attackers to gain full administrat
CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration
A critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide. The flaw, tracked as CVE-2025-13510, carries
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the too
CVE-2025-62575 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
CVE ID : CVE-2025-62575 Published : Dec. 2, 2025, 9:15 p.m. | 1 hour, 33 minutes ago Description : NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and
CVE-2025-64298 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
CVE ID : CVE-2025-64298 Published : Dec. 2, 2025, 9:15 p.m. | 1 hour, 33 minutes ago Description : NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are expo
CVE-2025-64642 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
CVE ID : CVE-2025-64642 Published : Dec. 2, 2025, 9:15 p.m. | 1 hour, 33 minutes ago Description : NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, whi
CVE-2025-13510 - Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy
CVE ID : CVE-2025-13510 Published : Dec. 2, 2025, 8:15 p.m. | 33 minutes ago Description : The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, all
CVE-2025-60736 - Code-Projects Online Medicine Guide SQL Injection
CVE ID : CVE-2025-60736 Published : Dec. 2, 2025, 7:15 p.m. | 21 hours, 33 minutes ago Description : code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter. Sever
CVE-2025-65896 - Long2Ice AsyncMy SQL Injection Vulnerability
CVE ID : CVE-2025-65896 Published : Dec. 2, 2025, 7:15 p.m. | 21 hours, 33 minutes ago Description : SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via