ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per R
[Critical] CVE-2026-45261 – GitButler is a modern Git-based version control interface for AI-powered workflo...
Critical CVE-2026-45261 GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a remote code execution vulnerability exists in the Tauri-based GitButler desktop application. A
[Critical] CVE-2026-44477 – CloudNativePG is a platform designed to manage PostgreSQL databases within Kuber...
Critical CVE-2026-44477 CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection a
[Critical] CVE-2026-38704 – A command injection vulnerability exists in the WireGuard VPN feature of InHand ...
Critical CVE-2026-38704 A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and ear
[Critical] CVE-2026-38707 – A command injection vulnerability exists in the IPSec VPN feature of InHand Netw...
Critical CVE-2026-38707 A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier
[Critical] CVE-2026-24444 – SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con...
Critical CVE-2026-24444 SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) tha
New Gogs 0-Day Vulnerability Lets Attackers Run Malicious Code on the Server Remotely
A critical zero-day vulnerability has been discovered in Gogs, one of the most widely deployed self-hosted Git platforms in the world, allowing any authenticated user to execute arbitrary commands on the underlying serve
[Critical] CVE-2026-44672 – mapfish-print is a component of MapFish for printing templated cartographic maps...
Critical CVE-2026-44672 mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in D
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracked as CVE-2026-35616
Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands
A critical privilege escalation vulnerability has been discovered in OpenVPN Connect for macOS, enabling local attackers to execute arbitrary commands with elevated privileges through the application’s background service
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpo
[Critical] CVE-2026-8980 – The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privile...
Critical CVE-2026-8980 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching.
Hackers Use GHOSTYNETWORKS and OMEGATECH to Host JS Malware Infrastructure
In March 2026, a wave of malicious spam emails began hitting inboxes across multiple countries and industries. Threat actors were quietly distributing a JavaScript-coded backdoor, targeting organizations in sectors as cr
Gitea Container Vulnerability Exposes Private Container Images to Attackers
A critical security vulnerability in Gitea’s built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted Git and CI/C
Critical Roundcube Webmail Vulnerability Let Attackers Inject SQL Queries
Roundcube Webmail users are being urged to apply urgent updates after developers patched multiple security flaws, including a critical pre-authentication SQL injection vulnerability that could allow attackers to manipula
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company st
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attacker
CVE-2026-32998 - Veeam Service Provider Console Remote Code Execution Vulnerability
CVE ID: CVE-2026-32998 | Published: May 28, 2026, 5:16 a.m. | 1 hour, 53 minutes ago | Description: This vulnerability in Veeam Service Provider Console allows for remote code execution. | Severity: 9.4 | CRITICAL
[Medium] CVE-2026-44720 – OpenLearnX is an open-source, decentralized learning and assessment platform. Pr...
Medium CVE-2026-44720 OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized acces