Tag: cve-2026-21262

security

Kritische LiteSpeed-Lücke mit CVSS 10.0 wird aktiv ausgenutzt

Die kritische Sicherheitslücke CVE-2026-48172 im LiteSpeed cPanel-Plugin ermöglicht jedem cPanel-Konto über die Redis-API die Ausführung be­lie­bi­ger Skripte mit Root-Rechten. Die Lücke hat den maximalen CVSS-Wert 10.0 und wird von CISA als bekannt ausgenutzte Schwachstelle geführt. Patches sind verfügbar, Betreiber betroffener Hosting-Server sollten umgehend aktualisieren.

Mehr lesen →
soc

CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw […]

Mehr lesen →
soc

CVE-2026-20223: Cisco Secure Workload Auth Bypass Grants Site Admin Access

CVE-2026-20223: Cisco Secure Workload Auth Bypass Grants Site Admin Access Cisco has patched a maximum-severity vulnerability in Cisco Secure Workload (CSW) Cluster Software tracked as CVE-2026-20223. The issue is an authentication and access-control bypass affecting internal REST API endpoints, and it can allow a remote, unauthenticated attacker to obtain Site Admin privileges. Site Admin is […]

Mehr lesen →
soc

CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6

CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6 CVE-2024-12802 is an authentication bypass that can result in an SSL-VPN MFA bypass affecting SonicWall SonicOS / SonicWall SSL-VPN when the VPN is integrated with Microsoft Active Directory (AD) in certain configurations. The issue matters because defenders may think they are protected after upgrading firmware, yet Gen6 […]

Mehr lesen →