Advanced filters

40 entries found · 50 per page · page 1 of 1.

2026-05-13 07:00

project_zero

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

CRITICAL

CVE-2025-54957

threat_intel
2026-05-04 00:00

apache_httpd_sec

CVE-2026-28780: Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server, this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker-controlled bytes after the end of a heap-based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

CRITICAL

CVE-2026-28780

vendor_advisory
2026-05-01 05:00

zdi_pub

ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability

CRITICAL

CVE-2026-41265

threat_intel
2026-04-21 13:37

certcc_vuln

VU#414811: Terrarium contains a vulnerability that allows arbitrary code execution

CRITICAL

CVE-2026-5752

threat_intel
2026-04-21 05:00

zdi_pub

ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

CRITICAL

CVE-2026-5059

threat_intel
2026-04-20 13:46

certcc_vuln

VU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model file

CRITICAL

CVE-2026-5760

threat_intel
2026-04-15 05:00

zdi_pub

ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

CRITICAL

CVE-2026-22898

threat_intel
2026-04-15 05:00

zdi_pub

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

CRITICAL

CVE-2025-54987

threat_intel
2026-04-15 05:00

zdi_pub

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

CRITICAL

CVE-2025-54948

threat_intel
2026-04-09 14:40

certcc_vuln

VU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM Server

CRITICAL

CVE-2026-5437
CVE-2026-5438
CVE-2026-5439 +6

threat_intel
2026-04-02 05:00

zdi_pub

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

CRITICAL

CVE-2026-4698

threat_intel
2026-03-30 18:14

certcc_vuln

VU#655822: Kyverno is vulnerable to server-side request forgery (SSRF)

CRITICAL

CVE-2026-4789

threat_intel
2026-03-30 15:50

certcc_vuln

VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

CRITICAL

CVE-2026-2275
CVE-2026-2285
CVE-2026-2286 +1

threat_intel
2026-03-30 05:00

zdi_pub

ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

CRITICAL

CVE-2026-5058

threat_intel
2026-03-24 14:11

certcc_vuln

VU#577436: Hard coded credentials vulnerability in GoHarbor's Harbor

CRITICAL

CVE-2026-4404

threat_intel
2026-03-23 05:00

zdi_pub

ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14233

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

CRITICAL

CVE-2026-4149

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14237

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

CRITICAL

CVE-2025-41236

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

CRITICAL

CVE-2025-41238

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14235

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14232

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14236

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14231

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

CRITICAL

CVE-2025-41237

threat_intel
2026-03-16 05:00

zdi_pub

ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CRITICAL

CVE-2025-14234

threat_intel
2026-03-03 06:00

zdi_pub

ZDI-26-134: Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

CRITICAL

CVE-2026-23600

threat_intel
2026-02-25 06:00

zdi_pub

ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

CRITICAL

CVE-2025-15060

threat_intel
2026-01-14 18:01

project_zero

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?

CRITICAL

CVE-2025-36934
CVE-2025-54957

threat_intel
2026-01-14 17:59

project_zero

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

CRITICAL

CVE-2025-36934
CVE-2025-49415
CVE-2025-54957

threat_intel
2025-07-10 00:00

apache_httpd_sec

CVE-2025-23048: In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.62, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

CRITICAL

CVE-2025-23048

vendor_advisory
2024-10-02 10:00

bsi_csw

Version 1.0: Zimbra: Active exploitation of vulnerability CVE-2024-45519

CRITICAL

CVE-2024-45519

0.99919000000 government_cert
2024-09-28 17:37

php_sec

PHP RCE: A Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

CRITICAL

CVE-2012-1823
CVE-2024-4577

vendor_advisory
2024-09-27 17:50

php_sec

PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

CRITICAL

CVE-2024-4577
CVE-2024-8926

vendor_advisory
2024-07-17 00:00

apache_httpd_sec

CVE-2024-40898: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context potentially allows leaking NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

CRITICAL

CVE-2024-40898

vendor_advisory
2024-07-01 00:00

apache_httpd_sec

CVE-2024-38476: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'SetHandler' after this fix. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CRITICAL

CVE-2024-38476

vendor_advisory
2024-07-01 00:00

apache_httpd_sec

CVE-2024-38475: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution is confirmed to be appropriately constrained.

CRITICAL

CVE-2024-38475

vendor_advisory
2024-06-09 18:37

php_sec

bypass CVE-2024-1874

CRITICAL

CVE-2024-1874
CVE-2024-5585

vendor_advisory
2023-03-07 00:00

apache_httpd_sec

CVE-2023-25690: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
    ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning.

CRITICAL

CVE-2023-25690

vendor_advisory
2023-01-17 00:00

apache_httpd_sec

CVE-2022-36760: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.

CRITICAL

CVE-2022-36760

vendor_advisory