/

Threat Intelligence Feed

Aggregating 6240 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Ransomware Zero-Day
LATEST CVEs
HIGH · CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arb HIGH · CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to t HIGH · CVE-2026-33560 The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which a HIGH · CVE-2026-31928 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are CRIT · CVE-2026-28701 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape HIGH · CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAu MED · CVE-2026-53577 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution CRIT · CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for CVE-2026-50767 A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System CVE-2026-50766 A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through CVE-2026-50765 Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management S HIGH · CVE-2026-49984 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage ba CRIT · CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestr HIGH · CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints CVE-2026-38571 Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, CVE-2026-36908 A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8 CVE-2026-36907 A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers t CVE-2026-36478 An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsSer HIGH · CVE-2026-54353 Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypas CRIT · CVE-2026-54352 Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/ro HIGH · CVE-2026-54351 Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly acce CRIT · CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase ap CVE-2026-52885 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk HIGH · CVE-2026-52884 Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the pa CVE-2026-50137 Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a worksp HIGH · CVE-2026-50136 Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoin HIGH · CVE-2026-50132 Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a publi HIGH · CVE-2026-48800 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDef HIGH · CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> MED · CVE-2026-48770 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Window CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege esc CVE-2026-46604 The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset. CVE-2026-39031 Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt crede CVE-2026-38641 An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) CVE-2026-38639 An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S MED · CVE-2024-23581 The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized MED · CVE-2026-55838 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint HIGH · CVE-2026-55189 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP fronten HIGH · CVE-2026-55188 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an a CVE-2026-53324 In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory nam
2680 General 745 Vulnerability Disclosure 718 CVE 493 Campaigns 348 Data Breach 323 Malware

Trending Vendors

Microsoft (721) Google (363) Amazon (257) Intel (197) Apple (169) Cisco (140) Linux (127) GitHub (110) Palo Alto Networks (106) Oracle (77) WordPress (59) Check Point (49) Cloudflare (45) Fortinet (44) Rapid7 (37)

Latest News

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA