ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Gitea Container Vulnerability Exposes Private Container Images to Attackers
A critical security vulnerability in Gitea’s built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted Git and CI/C
Critical Roundcube Webmail Vulnerability Let Attackers Inject SQL Queries
Roundcube Webmail users are being urged to apply urgent updates after developers patched multiple security flaws, including a critical pre-authentication SQL injection vulnerability that could allow attackers to manipula
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company st
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attacker
CVE-2026-32998 - Veeam Service Provider Console Remote Code Execution Vulnerability
CVE ID: CVE-2026-32998 Published: May 28, 2026, 5:16 a.m. | 1 hour, 53 minutes ago Description: This vulnerability in Veeam Service Provider Console allows for remote code execution. Severity: 9.4 | CRITICAL
[Medium] CVE-2026-44720 – OpenLearnX is an open-source, decentralized learning and assessment platform. Pr...
Medium CVE-2026-44720 OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized acces
[Critical] CVE-2026-45083 – The Goobi viewer is a web application that allows digitised material to be displ...
Critical CVE-2026-45083 The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accept
[Critical] CVE-2026-8363 – A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when p...
Critical CVE-2026-8363 A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: CVSS: 9.8 · CWE: CWE-121
[Critical] CVE-2026-8364 – Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) ...
Critical CVE-2026-8364 Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinf
CVE-2026-8363 - Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll
CVE ID: CVE-2026-8363 Published: May 27, 2026, 8:16 p.m. | 53 minutes ago Description: A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resou
CVE-2026-8364 - Gladinet Triofox Missing Authentication for Critical Functions
CVE ID: CVE-2026-8364 Published: May 27, 2026, 8:16 p.m. | 53 minutes ago Description: Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote
[Critical] CVE-2026-44888 – Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to...
Critical CVE-2026-44888 Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) direc
[Critical] CVE-2026-45102 – OneUptime is an open-source monitoring and observability platform. Prior to 10.0...
Critical CVE-2026-45102 OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be
[Critical] CVE-2026-44590 – Sherlock hunts down social media accounts by username across social networks. Pr...
Critical CVE-2026-44590 Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the
[Critical] CVE-2026-48150 – Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/ro...
Critical CVE-2026-48150 Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the
[Critical] CVE-2026-46425 – Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/s...
Critical CVE-2026-46425 Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise fe
[Critical] CVE-2026-45087 – Dalfox is a powerful open-source XSS scanner and utility focused on automation. ...
Critical CVE-2026-45087 Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by
[Critical] CVE-2026-48027 – Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver...
Critical CVE-2026-48027 Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it availa
[Critical] CVE-2026-44330 – free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2,...
Critical CVE-2026-44330 free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A networ
How Top CISOs Increase Risk Visibility for Zero Critical Incidents
How many alerts in your SOC are truly business-critical, and how many only look urgent because the team lacks context? This is one of the hardest questions for CISOs today. Without clear visibility, teams can waste time