Vergleich von 21. April 2026 mit dem Vortag 14. April 2026.
Describes an active ransomware campaign using a SystemBC botnet for command and control, indicating a shift to more resilient, bot-powered attacks against corporate networks.
Keine Änderungen in dieser Kategorie.
Keine Änderungen in dieser Kategorie.
CISA's catalog indicates these vulnerabilities are actively exploited in the wild, elevating them from theoretical to immediate threats requiring prioritized remediation.
CISA has confirmed active exploitation of these flaws, elevating them from theoretical vulnerabilities to immediate threats requiring urgent patching.
Highlights a critical SQL injection vulnerability among 19 patches, emphasizing the need for immediate prioritization beyond standard patch cycles.
Vulnerability specifically enables command injection on UniFi Play audio hardware, expanding the attack surface beyond core networking gear.
The vulnerability allows an attacker on the UniFi Play network to enable SSH for persistent unauthorized access and system changes.
This vulnerability specifically allows attackers with network access to obtain WiFi credentials from UniFi Play devices, potentially compromising wireless network security.
The vulnerability allows unauthorized updates and deletions of child entities via OData services, posing a direct integrity risk to business data.
The vulnerability specifically allows unauthorized updates and deletions of child entities via the Manage Reference Structures OData service, highlighting a critical authorization flaw in a common business function.
Attackers can manipulate critical reference structures in SAP S/4HANA without authorization, potentially disrupting manufacturing data integrity.
The alert details a specific authorization flaw in SAP's analytics and content modules that could lead to unauthorized data access.
Describes a specific low-privilege attack vector for information disclosure in a critical ERP module.
The vulnerability allows unauthenticated remote attackers to bypass authentication in a critical network management system for industrial environments.
The vulnerability enables an authenticated attacker to reset any user's password, posing a significant internal threat to network management systems.
Describes an unauthenticated code injection vulnerability in SAP NetWeaver Web Dynpro Java that could allow attackers to execute arbitrary code.
The vulnerability allows authenticated attackers to obtain limited information from other user sessions via stored XSS.
The vulnerability specifically bypasses authorization checks in a core SAP business application, exposing sensitive material master data.
The vulnerability specifically allows unauthorized updates and deletions of child entities via OData services, highlighting a targeted weakness in the Manage Technical Object Structures service.
The vulnerability allows unauthenticated attackers to hijack sessions by reusing tokens, posing a direct risk to business intelligence data.
This highlights a specific, authenticated attack vector for data exfiltration within a critical enterprise application.
Vulnerability affects multiple Siemens engineering and simulation software products widely used in manufacturing design and automation workflows.
The advisory details a specific attack vector via an RFC-exposed function module enabling ABAP and OS command injection for high-privileged users.
Highlights how diverse state-sponsored actors converge on similar initial access techniques, emphasizing the need for robust foundational security controls.