Skip to content
Auto-CTI

What has changed?

Comparing 6 May 2026 with the previous day 5 May 2026.

Newly added

18
NEW Vaultwarden
20

CVE-2026-31835

An attacker with only password knowledge can permanently disable WebAuthn 2FA for a user by corrupting backup flags before signature validation—patch immediately to prevent persistent MFA denial.

High EPSS 0%
NEW Vaultwarden
20

CVE-2026-33420

Manager-role users can enumerate all organizational collections and user/group mappings without explicit collection access, enabling targeted credential theft or social engineering against specific teams.

High EPSS 0%
NEW OpenSSL
20

[UPDATE] OpenSSL: Mehrere Schwachstellen

BSI official advisory signals coordinated vulnerability disclosure affecting critical crypto library across DACH infrastructure; patch urgency depends on CVSS/KEV status not provided in this alert.

High
NEW Linux
20

Linux Kernel: Mehrere Schwachstellen

BSI official advisory on multiple kernel flaws affecting Ubuntu deployments; local exploitation path requires access but potential RCE warrants urgent patching review across ESXi hypervisors and Ubuntu guest VMs.

High
NEW Intel
20

[UPDATE] Intel Prozessoren: Mehrere Schwachstellen

BSI formal advisory on Intel processor vulnerabilities signals German federal agency assessment; affects manufacturing environment running Windows Server and virtualized infrastructure.

High
NEW Oracle
0

[UPDATE] Oracle MySQL: Mehrere Schwachstellen

BSI advisory signals multiple MySQL vulnerabilities affecting confidentiality, integrity, and availability; requires patch assessment if MySQL is deployed in non-stated but common manufacturing IT infrastructure.

Medium

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

23
NEW PLC manufacturer (unspecified in alert)
100

CVE-2026-25293

Critical CVSS 9.6 EPSS 0%
NEW Microsoft
62

Patch Tuesday - April 2026

April 2026 patch cycle includes zero-day fixes for SharePoint spoofing, Defender elevation-of-privilege, and Windows IKE pre-auth RCE—all directly relevant to manufacturing operations relying on AD, Remote Desktop Gateway, and Defender for Endpoint.

Medium CVSS 6.5 EPSS 7%
NEW Microsoft, Google, Adobe
52

Patch Tuesday, April 2026 Edition

BlueHammer (Windows Defender zero-day) and SharePoint Server zero-day represent actively exploited flaws requiring immediate patching ahead of standard patch cycles.

Critical
NEW Microsoft
20

Microsoft Windows - Kritische Schwachstelle in Windows OLE

BSI RSS feed publication indicates German federal cybersecurity authority has flagged this as critical for DACH organizations; OLE vulnerabilities commonly exploited in supply-chain and manufacturing sector attacks.

High
ESC