ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keyword, CVE ID, and source.
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks
CVE-2026-36748 - RockRMS Cross-Site Scripting
CVE ID: CVE-2026-36748 Published: June 3, 2026, 4:16 p.m. | 4 hours, 57 minutes ago Description: RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profil
WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks
A critical security flaw in the widely used Kirki WordPress plugin has exposed over 500,000 websites to potential account takeover attacks, with researchers warning that approximately 150,000 sites are actively vulnerabl
[Critical] CVE-2026-35075 – An unauthenticated remote attacker can recover a default, hard coded password fr...
Critical CVE-2026-35075 An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. CVSS: 9.8 · CWE: CWE-1393 View on NVD
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message properties, potentially leading to cross-site scripting and
[Critical] CVE-2026-47065 – ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via j...
Critical CVE-2026-47065 ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the
[Critical] CVE-2025-14771 – Files or directories accessible to external parties vulnerability in ABB T-MAC P...
Critical CVE-2025-14771 Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. CVSS: 9.9 · CWE: CWE-552 View on NVD
CVE-2026-35075 - Hardcoded default Password for Service Account
CVE ID: CVE-2026-35075 Published: June 3, 2026, 10:38 a.m. | 2 hours, 35 minutes ago Description: An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain f
CVE-2026-47065 - Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
CVE ID: CVE-2026-47065 Published: June 3, 2026, 9:39 a.m. | 1 hour, 34 minutes ago Description: ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment:
[Critical] CVE-2026-4035 – A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolut...
Critical CVE-2026-4035 A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side enviro
CVE-2025-14771 - File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site
CVE ID: CVE-2025-14771 Published: June 3, 2026, 9:16 a.m. | 1 hour, 57 minutes ago Description: Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus:
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention fr
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicki
[Critical] CVE-2026-32625 – LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In v...
Critical CVE-2026-32625 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]
[Critical] CVE-2026-49448 – authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026...
Critical CVE-2026-49448 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versio
[Critical] CVE-2026-42849 – authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2...
Critical CVE-2026-42849 authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more c
[Critical] CVE-2026-5076 – The ARMember Premium plugin for WordPress is vulnerable to an insecure password ...
Critical CVE-2026-5076 The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset
[Critical] CVE-2026-42074 – OpenClaude is an open-source coding-agent command line interface for cloud and l...
Critical CVE-2026-42074 OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the Bash
[Critical] CVE-2026-0611 – Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6...
Critical CVE-2026-0611 Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel expo