Vergleich von 14. April 2026 mit dem Vortag 13. April 2026.
CISA's catalog indicates these vulnerabilities are actively exploited in the wild, elevating them from theoretical to immediate threats requiring prioritized remediation.
CISA has confirmed active exploitation of these flaws, elevating them from theoretical vulnerabilities to immediate threats requiring urgent patching.
Highlights a critical SQL injection vulnerability among 19 patches, emphasizing the need for immediate prioritization beyond standard patch cycles.
Vulnerability specifically enables command injection on UniFi Play audio hardware, expanding the attack surface beyond core networking gear.
The vulnerability allows an attacker on the UniFi Play network to enable SSH for persistent unauthorized access and system changes.
This vulnerability specifically allows attackers with network access to obtain WiFi credentials from UniFi Play devices, potentially compromising wireless network security.
The vulnerability allows unauthorized updates and deletions of child entities via OData services, posing a direct integrity risk to business data.
The vulnerability specifically allows unauthorized updates and deletions of child entities via the Manage Reference Structures OData service, highlighting a critical authorization flaw in a common business function.
Attackers can manipulate critical reference structures in SAP S/4HANA without authorization, potentially disrupting manufacturing data integrity.
The alert details a specific authorization flaw in SAP's analytics and content modules that could lead to unauthorized data access.
Describes a specific low-privilege attack vector for information disclosure in a critical ERP module.
The vulnerability allows unauthenticated remote attackers to bypass authentication in a critical network management system for industrial environments.
The vulnerability enables an authenticated attacker to reset any user's password, posing a significant internal threat to network management systems.
Describes an unauthenticated code injection vulnerability in SAP NetWeaver Web Dynpro Java that could allow attackers to execute arbitrary code.
The vulnerability allows authenticated attackers to obtain limited information from other user sessions via stored XSS.
The vulnerability specifically bypasses authorization checks in a core SAP business application, exposing sensitive material master data.
The vulnerability specifically allows unauthorized updates and deletions of child entities via OData services, highlighting a targeted weakness in the Manage Technical Object Structures service.
The vulnerability allows unauthenticated attackers to hijack sessions by reusing tokens, posing a direct risk to business intelligence data.
This highlights a specific, authenticated attack vector for data exfiltration within a critical enterprise application.
Vulnerability affects multiple Siemens engineering and simulation software products widely used in manufacturing design and automation workflows.
The advisory details a specific attack vector via an RFC-exposed function module enabling ABAP and OS command injection for high-privileged users.
Highlights how diverse state-sponsored actors converge on similar initial access techniques, emphasizing the need for robust foundational security controls.
Keine Änderungen in dieser Kategorie.
Keine Änderungen in dieser Kategorie.
The alert highlights the specific risk of SSRF being used to probe internal services and cloud metadata, which is a critical attack path beyond just patching.
This vulnerability allows unauthenticated attackers with adjacent network access to achieve SYSTEM privileges through certificate validation flaws.
Describes a specific attack vector where malware could leverage local admin rights to disable detection, moving beyond a simple patch notification.