top5hacker_IT-Sicherheit Alarm

Top 5 Hacker-relevante Schwachstellen
Wöchentliches Briefing zu den risikoreichsten Schwachstellen.

Mit den wöchentlich veröffentlichten Top 5 der Schwachstellen, die Hacker für ihre Angriffe hauptsächlich nutzen liefern wir Anwendungsunternehmen wichtige Informationen darüber, wo schnelles Handeln von ihnen gefragt ist.

Dafür wurde ein neuartiger, Entscheidungsbaum-basierter Priorisierungsansatz entwickelt, der es Organisationen ermöglicht, ihre Ressourcen effektiv zuzuweisen, indem sie auf die risikoreichsten Schwachstellen ihren Fokus richten können, um sich gegen die aktuell vorhandenen Gefahrenpotentiale optimal zu schützen.

Dieser Ansatz wird auf Basis von über 100.000 Schwachstellen- und Bedrohungsinformationen trainiert. Er erweitert Industriestandards wie CVSS und EPSS, um das Echtzeitrisiko und den Kontext neuer Schwachstellen besser zu erfassen.

Die „Top 5 Hacker-relevante Schwachstellen“ werden in Kooperation mit dem IT-Sicherheitsanbieter Entryzero veröffentlicht.

Kalenderwoche 13 2026

1745
Total
161
Critical
656
High
576
Medium
56
Low
296
Unknown
Top 5 Schwachstellen
1

Citrix NetScaler ADC and NetScaler Gateway

| Unauthenticated Remote Attack | Out-of-bounds Read Vulnerability |
CVE-2026-3055 EUVD-2026-14546
Details PoC
2

Juniper Junos

| Unauthenticated Remote Attack | Incorrect Permission Assignment Vulnerability |
CVE-2026-21902 EUVD-2026-8693
Details PoC
3

GitLab CE/EE

| Unauthenticated Remote Attack | Cross-Site Request Forgery (CSRF) Vulnerability |
CVE-2026-3857 EUVD-2026-15935
Details
4

Cisco Catalyst SD-WAN Manager

| Unauthenticated Remote Attack | Authentication Bypass Vulnerability |
CVE-2026-20129 EUVD-2026-8677
Details
5

F5 BIG-IP APM

| Unauthenticated Remote Attack | Improper Resource Allocation Vulnerability |
CVE-2025-53521 EUVD-2025-34630
Details

Kalenderwoche 12 2026

1440
Total
122
Critical
458
High
596
Medium
80
Low
184
Unknown
Top 5 Schwachstellen
1

Oracle Identity Manager and Web Services Manager

| Unauthenticated Remote Attack | Missing Authentication Vulnerability |
CVE-2026-21992 EUVD-2026-13486
Details
2

Quest KACE Systems Management Appliance

| Unauthenticated Remote Attack | Authentication Bypass Vulnerability |
CVE-2025-32975 CVE-2025-32976 CVE-2025-32977 CVE-2025-32978 EUVD-2025-19028
Details
3

Langflow (AI Pipeline Builder)

| Unauthenticated Remote Attack | Code Injection Vulnerability |
CVE-2026-33017 EUVD-2026-13556
Details PoC
4

GNU InetUtils telnetd

| Unauthenticated Remote Attack | BSS Buffer Overflow Vulnerability |
CVE-2026-32746 EUVD-2026-12065
Details PoC
5

UniFi Network Application

| Unauthenticated Remote Attack | Path Traversal Vulnerability |
CVE-2026-22557 EUVD-2026-13101
Details PoC

Kalenderwoche 11 2026

1266
Total
109
Critical
472
High
494
Medium
40
Low
151
Unknown
Top 5 Schwachstellen
1

HPE Aruba AOS-CX (CX Switch Series)

| Unauthenticated Remote Attack | Authentication Bypass Vulnerability |
CVE-2026-23813 EUVD-2026-11079
Details
2

FreeScout Help Desk

| Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability |
CVE-2026-28289 EUVD-2026-9347
Details PoC
3

WordPress – WPvivid Backup & Migration

| Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability |
CVE-2026-1357 EUVD-2026-5948
Details PoC
4

Google Chrome / Chromium (V8 Engine)

| Unauthenticated Remote Attack | Code Injection Vulnerability |
CVE-2026-3910 EUVD-2026-11736
Details
5

n8n Workflow Automation

| Unauthenticated Remote Attack | Expression Injection Vulnerability |
CVE-2026-27493 EUVD-2026-8756
Details

Kalenderwoche 10 2026

1397
Total
164
Critical
511
High
390
Medium
42
Low
290
Unknown
Top 5 Schwachstellen
1

Cisco Secure Firewall Management Center

| Unauthenticated Remote Attack | Authentication Bypass and Untrusted Serialization of Data Vulnerabilities |
CVE-2026-20079 CVE-2026-20131 EUVD-2026-9438 EUVD-2026-9444
Details
2

Broadcom VMWare Aria Operations

| Unauthenticated Remote Attack | Command Injection Vulnerability |
CVE-2026-22719 EUVD-2026-8708
Details
3

Rocket.Chat

| Unauthenticated Remote Attack | Improper Authentication Vulnerability |
CVE-2026-28514 EUVD-2026-10050
Details PoC
4

WordPress Contact Form 7

| Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability |
CVE-2026-3459 EUVD-2026-9865
Details
5

SEPPmail Secure Email Gateway

| Unauthenticated Remote Attack | Command Injection Vulnerability |
CVE-2026-27441 EUVD-2026-9377
Details

Kalenderwoche 09 2026

1089
Total
163
Critical
376
High
366
Medium
49
Low
135
Unknown
Top 5 Schwachstellen
1

Sangoma FreePBX

| Authenticated Remote Attack | Command Injection Vulnerability |
CVE-2025-64328 EUVD-2025-38232
Details PoC
2

Cisco Catalyst SD-WAN Controller and Manager

| Unauthenticated Remote Attack | Improper Authentication Vulnerability |
CVE-2026-20127 EUVD-2026-8675
Details PoC
3

Ivanti Endpoint Manager

| Unauthenticated Remote Attack | Authentication Bypass Vulnerability |
CVE-2026-1603 EUVD-2026-6842
Details PoC
4

ServiceNow AI

| Unauthenticated Remote Attack | Improper Isolation Vulnerability |
CVE-2026-0542 EUVD-2026-8719
Details
5

Microsoft Windows Admin Center

| Authenticated Remote Attack | Improper Authentication Vulnerability |
CVE-2026-26119 EUVD-2026-7587
Details