Warum die Überwachung von Schwachstellen für Ihr Unternehmen kritisch ist
Im Jahr 2025 wurden 48 185 neue Schwachstellen (CVE) veröffentlicht — ein Anstieg von 20 % gegenüber 2024. Im Jahr 2026 beschleunigt sich der Trend noch weiter. Jeden Tag werden mehr als 130 Sicherheitslücken öffentlich gemacht, von denen einige die Software betreffen, die Ihr Unternehmen täglich nutzt.
Laut dem Verizon Data Breach Investigations Report nutzen 60 % der Datenverletzungen Schwachstellen aus, für die zum Zeitpunkt des Angriffs bereits ein Patch vorhanden war. Das Problem ist nicht das Fehlen von Patches — es ist das Fehlen von Überwachung. Kein IT-Team kann manuell 130 CVE pro Tag verfolgen.
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
Was CVE Find für Sie tut
Wie werde ich in Echtzeit gewarnt?
CVE Find benachrichtigt Sie per E-Mail und SMS, sobald eine Schwachstelle Ihre Produkte betrifft. Konfigurierbare Frequenz: von der sofortigen Benachrichtigung bis zur monatlichen Zusammenfassung.
Sind meine Softwareprodukte anfällig?
Konfigurieren Sie Ihre Produkte (CMS, Server, Bibliotheken) über den CPE-Katalog. CVE Find überwacht die MITRE-Datenbank kontinuierlich und warnt Sie automatisch. 338 000+ CVE indexiert.
Wie priorisiere ich Patches?
Die CVSS-Bewertung (Schweregrad) und EPSS (Wahrscheinlichkeit einer tatsächlichen Ausnutzung) zeigen Ihnen, was zuerst korrigiert werden muss. Keine falschen Positiven mehr.
Welche Schwachstellen werden aktiv ausgenutzt?
Der integrierte CISA KEV-Katalog identifiziert Schwachstellen, die bereits in der Praxis ausgenutzt werden. Dies sind die Lücken, die mit absoluter Priorität zu schliessen sind.
Ist die Plattform auf Deutsch verfügbar?
Ja. CVE Find ist in Französisch, Englisch und Deutsch verfügbar. In der Schweiz von Bexxo entwickelt, ist es die einzige vollständige CVE-Plattform auf Deutsch.
Sind die Daten zuverlässig und aktuell?
Echtzeit-Synchronisierung mit MITRE, NVD, CISA und FIRST.org. Mehr als 48 000 CVE im Jahr 2025 hinzugefügt, und die Datenbank wird stündlich aktualisiert.
Bleiben Sie einen Schritt voraus mit den neuesten kritischen Sicherheitslücken.
CVE-2026-5200 - HIGH
20/05/2026
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify pr...
authorisationproblemOWSAP: A01
CVE-2026-9057 - HIGH
20/05/2026
A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.
CVE-2026-7522 - HIGH
20/05/2026
The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to byp...
OWSAP: A03
CVE-2026-7637 - CRITICAL
20/05/2026
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or them...
OWSAP: A08
CVE-2026-24207 - CRITICAL
20/05/2026
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
OWSAP: A07
CVE-2026-7467 - HIGH
20/05/2026
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner throu...
priviliegemanagementOWSAP: A04
CVE-2026-7284 - CRITICAL
20/05/2026
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during regis...
priviliegemanagementOWSAP: A04
CVE-2026-6555 - CRITICAL
20/05/2026
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload ...
fileinclusionOWSAP: A04
CVE-2026-6456 - HIGH
20/05/2026
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`, combined with no validation that the secret is non-empty. When a target user has never used the "Remember me" feature, their ...
authorisationproblemOWSAP: A07
CVE-2026-34241 - HIGH
19/05/2026
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered unescaped via Blade's {!! !!} syntax in the recipient's browser. The flaw exists in both App\Notifi...
crosssitescriptingOWSAP: A03
CVE-2026-34234 - CRITICAL
19/05/2026
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler files, leaving installer endpoints reachable on already-installed instances. The handlers also pass u...
oscommandinjectionOWSAP: A03OWSAP: A01
CVE-2026-32740 - HIGH
19/05/2026
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting a HEIF/AVIF file with a 1×4 grid of odd-height tiles. The overflow is triggered during normal imag...
overflow
CVE-2026-27173 - HIGH
19/05/2026
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.
OWSAP: A01
CVE-2026-33642 - CRITICAL
19/05/2026
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer Over-Read/Write. An attacker who can write escape sequences to a kitty terminal (e.g., via a malicious file, SS...
overflow
CVE-2026-8370 - HIGH
19/05/2026
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Automation: < 24.4.4 HF1.
priviliegemanagement
CVE-2026-47107 - CRITICAL
19/05/2026
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries ac...
OWSAP: A01
CVE-2026-36829 - CRITICAL
19/05/2026
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.
directorytraversalauthorisationproblemOWSAP: A01OWSAP: A07
CVE-2026-36828 - HIGH
19/05/2026
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.
oscommandinjectionOWSAP: A03
CVE-2026-8602 - HIGH
19/05/2026
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.
authorisationproblemOWSAP: A07
CVE-2026-5804 - HIGH
19/05/2026
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks an...
