Tag: cve-2025-48595

soc

CVE-2026-20245: Cisco SD-WAN Manager Zero-Day Enables Root Command Execution

05.06.2026

Cisco has disclosed a seventh SD-WAN zero-day exploited in 2026, tracked as CVE-2026-20245. The flaw affects the command-line interface of Cisco Catalyst SD-WAN Manager and can allow an authenticated remote attacker with netadmin privileges to execute arbitrary commands as root by uploading a crafted file. Cisco says exploitation has already been observed in limited cases, […]

Mehr lesen →
soc

CVE-2026-49975: HTTP/2 Bomb Attack Can Knock Web Servers Offline in Seconds

05.06.2026

A newly disclosed denial-of-service vulnerability, tracked as CVE-2026-49975, shows how long-known HTTP/2 weaknesses can still be chained into a highly effective modern attack. SecurityWeek reports that researchers at Calif demonstrated an HTTP/2 Bomb exploit capable of knocking major web servers offline within seconds by combining a compression bomb with a Slowloris-style hold that prevents the […]

Mehr lesen →
Sicherheitslücke

SharePoint RCE-Lücke funktioniert mit einfachem Benutzerkonto

05.06.2026

CVE-2026-45659 erlaubt einem angemeldeten Nutzer mit einfachem Benutzerkonto die Remotecodeausführung auf SharePoint-Servern. Microsoft bewertet den Deserialisierungsfehler mit CVSS 8.8 und hat Updates für drei Versionen bereitgestellt. Der Eintrag fehlte zunächst im Sammelpaket des Mai-Patchday und wurde am 26.05.2026 nachgereicht.

Mehr lesen →
Security Flaw

CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day

03.06.2026

CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day Google’s June 2026 Android Security Bulletin includes a fix for an Android Framework elevation of privilege zero-day tracked as CVE-2025-48595. Google noted the issue “may be under limited, targeted exploitation,” which raises the priority for teams managing Android fleets. The bulletin ships two patch levels, 2026-06-01 […]

Mehr lesen →