Threat Intelligence Feed

Aggregating 3779 articles from trusted cybersecurity sources

/
LATEST CVEs
CVE-2026-6056 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-41242 protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers CVE-2026-40948 The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `s CVE-2026-2986 The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes CVE-2026-2505 The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including CVE-2026-0894 The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin CVE-2026-41254 Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed CVE-2026-32690 Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by th CVE-2026-32228 UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate t CVE-2026-30912 In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to f CVE-2026-30898 An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause CVE-2026-25917 Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing t CVE-2026-41253 In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working CVE-2026-6518 The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload an CVE-2026-6048 The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget CVE-2026-4801 The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via exter CVE-2026-40494 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. P CVE-2026-40493 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. P CVE-2026-40492 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. P CVE-2026-40491 gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack CVE-2026-40490 The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HT CVE-2026-40489 editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to CVE-2026-40487 Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authen CVE-2026-35582 Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable CVE-2026-1838 The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all CVE-2026-1559 The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in al CVE-2026-40572 NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (Memo CVE-2026-40350 Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenti CVE-2026-40317 NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (Jump CVE-2026-35465 SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the Se CVE-2026-40593 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) rende CVE-2026-40582 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint va CVE-2026-40581 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (S CVE-2026-40485 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/pu CVE-2026-40484 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functional CVE-2026-40483 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation com CVE-2026-40482 ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::ge CVE-2026-40480 ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoin CVE-2026-40349 Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenti CVE-2026-40348 Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenti
1594 General 450 CVE 449 Vulnerability Disclosure 307 Campaigns 206 Data Breach 204 Malware

Trending Vendors

Microsoft (346) Google (229) Apple (161) Amazon (143) Intel (123) Cisco (102) Cloudflare (48) Fortinet (43) GitHub (42) Linux (39) Palo Alto Networks (32) F5 (31) Oracle (31) WordPress (30) Check Point (29)

Latest News

Data Breaches