# Overview Dashboard

New entries
Critical
High
New CVEs
Entries (7d)
Critical (7d)
High (7d)
CVEs (7d)
Active sources
With errors
Critical (>= 5x)
Last fetch

## Current Critical Advisories

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

2026-05-13 07:00

project_zero — threat_intel

1

CVE-2026-28780: Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

2026-05-04 00:00

apache_httpd_sec — vendor_advisory

1

ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability

2026-05-01 05:00

zdi_pub — threat_intel

1

VU#414811: Terrarium contains a vulnerability that allows arbitrary code execution

2026-04-21 13:37

certcc_vuln — threat_intel

1

ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

2026-04-21 05:00

zdi_pub — threat_intel

1

VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file

2026-04-20 13:46

certcc_vuln — threat_intel

1

ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

2026-04-15 05:00

zdi_pub — threat_intel

1

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

2026-04-15 05:00

zdi_pub — threat_intel

1

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

2026-04-15 05:00

zdi_pub — threat_intel

1

VU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM Server

2026-04-09 14:40

certcc_vuln — threat_intel

9

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

2026-04-02 05:00

zdi_pub — threat_intel

1

VU#655822: Kyverno is vulnerable to server-side request forgery (SSRF)

2026-03-30 18:14

certcc_vuln — threat_intel

1

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

2026-03-30 15:50

certcc_vuln — threat_intel

4

ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

2026-03-30 05:00

zdi_pub — threat_intel

1

VU#577436: Hard coded credentials vulnerability in GoHarbor's Harbor

2026-03-24 14:11

certcc_vuln — threat_intel

1

ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability

2026-03-23 05:00

zdi_pub — threat_intel

1

ZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

2026-03-16 05:00

zdi_pub — threat_intel

1

## High Advisories with CVE Reference (7 Days)

ZDI-26-317: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2025-12659

ZDI-26-316: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2025-12659

ZDI-26-310: Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2026-34342

ZDI-26-309: Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2026-33838

ZDI-26-315: Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2026-28941

ZDI-26-314: Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2026-28940

ZDI-26-312: Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability

2026-05-12 05:00

zdi_pub — threat_intel

CVE-2026-28955

VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation

2026-05-11 16:49

certcc_vuln — threat_intel

CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172

VU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)

2026-05-08 19:23

certcc_vuln — threat_intel

CVE-2026-31431

CVE-2026-29168: Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

2026-05-04 12:00

apache_httpd_sec — vendor_advisory

CVE-2026-29168

CVE-2026-29169: A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Users are recommended to upgrade to version 2.4.67, which fixes this issue, or remove mod_dav_lock.

2026-05-04 12:00

apache_httpd_sec — vendor_advisory

CVE-2026-29169

CVE-2026-24072: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

2026-05-04 00:00

apache_httpd_sec — vendor_advisory

CVE-2026-24072

CVE-2026-23918: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

2026-05-04 00:00

apache_httpd_sec — vendor_advisory

CVE-2026-23918

CVE-2026-34059: Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

2026-05-04 00:00

apache_httpd_sec — vendor_advisory

CVE-2026-34059

v3.0.15

2026-04-28 17:49

owasp_modsecurity — vendor_advisory

CVE-2026-30923, CVE-2026-42268

ZDI-26-306: Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability

2026-04-28 05:00

zdi_pub — threat_intel

CVE-2026-35230

ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability

2026-04-27 05:00

zdi_pub — threat_intel

CVE-2026-41276

ZDI-26-304: Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

2026-04-27 05:00

zdi_pub — threat_intel

CVE-2026-5943

ZDI-26-302: Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability

2026-04-27 05:00

zdi_pub — threat_intel

CVE-2026-5941

ZDI-26-301: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

2026-04-27 05:00

zdi_pub — threat_intel

CVE-2026-5940

VU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component

2026-04-23 12:28

certcc_vuln — threat_intel

CVE-2026-5756

ZDI-26-298: Siemens SINEC NMS Authentication Bypass Vulnerability

2026-04-23 05:00

zdi_pub — threat_intel

CVE-2026-24032

ZDI-26-296: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

2026-04-23 05:00

zdi_pub — threat_intel

CVE-2026-5726

ZDI-26-297: Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability

2026-04-23 05:00

zdi_pub — threat_intel

CVE-2026-25654

ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

2026-04-15 05:00

zdi_pub — threat_intel

CVE-2026-32861

## Sources with Errors

cisa_adv

4 2026-05-14 20:30 HTTP 403 for https://www.cisa.gov/news-events/cybersecurity-advisories.xml

cisa_ics

4 2026-05-14 20:30 HTTP 403 for https://www.cisa.gov/cybersecurity-advisories/ics-advisories.xml

cisa_kev

4 2026-05-14 20:30 HTTP 403 for https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json

## Entries by Category (Last 30 Days)

vendor_advisory 342 10 32 17 0
government_cert 330 1 0 0 0
security_news 290 0 0 0 0
threat_intel 255 29 115 28 1
package_tracker 30 0 0 0 0
distro_advisory 30 0 0 14 4