Analysierte Schwachstellen, sofort ausführbare Fix-Befehle und kritische Warnungen. Alle 6 Stunden aktualisiert.
Mehrere Schwachstellen in Craft CMS ermöglichen die Remote-Code-Ausführung und die unbefugte Offenlegung von Metadaten. Aktualisieren Sie auf die neuesten Versi
CVE-2026-25498CVE-2026-32263CVE-2026-32264GHSA-44px-qjjc-xrhqMultiple vulnerabilities have been discovered in Oneuptime, potentially leading to financial abuse, service disruption, and authentication bypass. Update to version 10.0.42.
CVE-2026-34759CVE-2026-34840CVE-2026-35053Multiple command injection vulnerabilities in Endian Firewall <= 3.3.25 allow authenticated attackers to execute arbitrary OS commands. Patch now!
CVE-2026-34797CVE-2026-34794CVE-2026-34792Multiple vulnerabilities, including path traversal and SSRF, have been discovered in SillyTavern. Update to version 1.17.0 to mitigate these risks.
CVE-2026-34526CVE-2026-34524CVE-2026-34523CVE-2026-34522Multiple vulnerabilities affect ONNX, potentially leading to DoS, arbitrary file read/write, and object corruption. Upgrade to version 1.21.0 to mitigate these risks.
CVE-2026-34445CVE-2026-34447GHSA-q56x-g2fj-4rj6Critical vulnerabilities in SciTokens <= 1.8.1: authorization bypass via scope path prefix & SQL injection. Upgrade to 1.9.6 now. #SITE_NAME# coverage.
CVE-2026-32716CVE-2026-32714Critical vulnerabilities in mppx nodejs package allow payment bypass and credential replay. Update to versions 0.4.11 and 0.4.8 immediately to mitigate risks.
CVE-2026-34210GHSA-8x4m-qw58-3pcxCritical vulnerabilities in Zebra (CVE-2026-34202, CVE-2026-34377) allow for remote DoS and consensus failure. Upgrade to Zebra 4.3.0 immediately to mitigate these risks.
CVE-2026-34202CVE-2026-34377Critical prototype pollution vulnerabilities (CVE-2026-33864, CVE-2026-33863) affect the convict npm package. Update to version 6.2.5 immediately to mitigate potential RCE.
CVE-2026-33864CVE-2026-33863Critical vulnerabilities in Ory Oathkeeper allow path traversal and authentication bypass. Update to version 0.40.10-0.20260320084758-8e0002140491 or later to mitigate these risks.
CVE-2026-33494CVE-2026-33495Critical vulnerabilities patched in MinIO: JWT algorithm confusion and LDAP brute-force. Update to RELEASE.2026-03-17T21-25-16Z to mitigate risks.
CVE-2026-33322CVE-2026-33419Critical: RegistrationMagic plugin suffers from privilege escalation (CVE-2025-15403) and authorization bypass (CVE-2026-32498). Update now!
CVE-2025-15403CVE-2026-32498Critical vulnerabilities in WordPress Ads Pro Plugin (<= 5.0): LFI (CVE-2025-46444), XSS (CVE-2025-46464). Update now! Unauthenticated RCE risk.
CVE-2025-46444CVE-2025-46464Critical OpenBao vulnerabilities patched! CVE-2026-33758 details XSS in OIDC auth. CVE-2025-52894 allows unauth rekey cancel. Update now!
CVE-2025-52894CVE-2026-33758Multiple vulnerabilities have been discovered in AIOHTTP, including header injection, DoS, and memory exhaustion. Upgrade to version 3.13.4 to mitigate these issues.
CVE-2026-34520CVE-2026-34516CVE-2026-22815Multiple vulnerabilities in PraisonAI, including ReDoS, authentication bypass, and SQL injection, expose critical risks. Upgrade to the latest version now.
CVE-2026-34939CVE-2026-34953CVE-2026-34934CVE-2026-34935+3Critical vulnerabilities in Praisonaiagents allow SSRF, sandbox escape, and shell injection. Upgrade to the latest version to mitigate risks.
CVE-2026-34954CVE-2026-34938CVE-2026-34937Multiple vulnerabilities discovered in signalk-server, including prototype pollution, unauthorized data manipulation, and privilege escalation. Update to version 2.24.0 or later.
CVE-2026-35038CVE-2026-33951CVE-2026-34083CVE-2026-33950Multiple stored XSS vulnerabilities discovered in CI4MS (CodeIgniter 4 CMS). CVE-2026-34565, CVE-2026-34561, CVE-2026-34569 affect versions before 0.31.0.0. Update now!
CVE-2026-34565CVE-2026-34561CVE-2026-34569Multiple vulnerabilities patched in Payload: unvalidated password recovery input, SQL injection, and CSRF bypass. Upgrade to v3.79.1 for fixes.
CVE-2026-34751CVE-2026-34747CVE-2026-34749