ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
[Critical] CVE-2026-44849 – Portainer Community Edition is a lightweight service delivery platform for conta...
Critical CVE-2026-44849 Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to befo
[Critical] CVE-2026-9645 – Exposed methods allow authenticated users to create and execute arbitrary JavaSc...
Critical CVE-2026-9645 Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are ex
[Critical] CVE-2026-46840 – Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S...
Critical CVE-2026-46840 Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attac
[Critical] CVE-2026-46822 – Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (componen...
Critical CVE-2026-46822 Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability
[Critical] CVE-2026-46824 – Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Su...
Critical CVE-2026-46824 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15.
[Critical] CVE-2026-45288 – Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior ...
Critical CVE-2026-45288 Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the gener
[Critical] CVE-2026-46775 – Vulnerability in Oracle REST Data Services (component: Core). Supported version...
Critical CVE-2026-46775 Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network
[Critical] CVE-2026-46819 – Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-B...
Critical CVE-2026-46819 Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exp
[Critical] CVE-2026-34311 – Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora...
Critical CVE-2026-34311 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25
[Critical] CVE-2026-9037 – A firmware update mechanism in the affected charging controller fails to validat...
Critical CVE-2026-9037 A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic si
[Critical] CVE-2026-45039 – RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta...
Critical CVE-2026-45039 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The fun
[Critical] CVE-2026-45311 – CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, t...
Critical CVE-2026-45311 CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any u
[Critical] CVE-2026-45323 – MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3...
Critical CVE-2026-45323 MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indire
[Critical] CVE-2026-45353 – electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft...
Critical CVE-2026-45353 electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. CVSS: 9.3 · CWE: CWE-94
[Critical] CVE-2026-45374 – CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the ta...
Critical CVE-2026-45374 CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs
CVE-2026-45353 - electerm: Local code through electerm's single-instance socket
CVE ID: CVE-2026-45353 Published: May 28, 2026, 6:16 p.m. | 54 minutes ago Description: electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerab
[Critical] CVE-2026-45058 – electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft...
Critical CVE-2026-45058 electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised s
[Critical] CVE-2026-43898 – SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined fu...
Critical CVE-2026-43898 SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That
AI-Generated npm Malware Accidentally Exposes Threat Actor’s Private GitHub Token
A new wave of AI-generated malware is hitting the open-source software ecosystem, and this time, the attacker made a critical mistake that gave researchers a rare inside look at their operation. A malicious package named
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per R