Threat Intelligence Feed

Aggregating 4071 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-5921 A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker t
CVE-2026-5845 An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server
CVE-2026-5512 An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacke
CVE-2026-4872 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4821 An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an
CVE-2026-4296 An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to byp
CVE-2026-41063 WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSa
CVE-2026-41062 WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in comm
CVE-2026-41061 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/vide
CVE-2026-41060 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/fun
CVE-2026-41058 WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `del
CVE-2026-41057 WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e
CVE-2026-41056 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in
CVE-2026-41055 WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks p
CVE-2026-40935 WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA l
CVE-2026-40929 WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mu
CVE-2026-40928 WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/
CVE-2026-40926 WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/cat
CVE-2026-3307 An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin acc
CVE-2026-6832 Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic
CVE-2026-6830 nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear envi
CVE-2026-6829 nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or chan
CVE-2026-6799 A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of
CVE-2026-41527 KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there i
CVE-2026-40946 Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets
CVE-2026-40945 Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token
CVE-2026-40944 Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configurati
CVE-2026-40943 Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing
CVE-2026-40942 The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Pr
CVE-2026-40939 The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Pr
CVE-2026-40933 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe s
CVE-2026-40931 Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 rel
CVE-2026-40706 In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that al
CVE-2026-1354 Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bl
CVE-2026-6823 HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote cha
CVE-2026-6797 A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function Zip
CVE-2026-6796 A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file cor
CVE-2026-40938 Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0,
CVE-2026-40927 Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page,
CVE-2026-40925 WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also r
1717 General 487 Vulnerability Disclosure 471 CVE 333 Campaigns 229 Data Breach 216 Malware

Latest News

Escaping the COTS trap

Over the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent pi...

CSO Online →

Data Breaches