Threat Intelligence Feed

Aggregating 4508 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError
CVE-2026-44541 Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based
CVE-2026-40215 A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cau
MED · CVE-2026-11585 A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of
HIGH · CVE-2026-49141 WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authent
CVE-2026-47345 Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting
CVE-2026-47344 When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sa
HIGH · CVE-2026-46484 Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable
HIGH · CVE-2026-40519 Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execut
CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 t
MED · CVE-2026-11584 A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the
MED · CVE-2026-11583 A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function o
HIGH · CVE-2026-11582 A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function
CRIT · CVE-2026-52778 YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar f
HIGH · CVE-2026-46490 samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only esca
CVE-2026-46486 MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potentia
MED · CVE-2026-11559 A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account
MED · CVE-2026-11558 A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function
HIGH · CVE-2026-11557 A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the f
CRIT · CVE-2026-11393 Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might a
MED · CVE-2026-10787 Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user t
MED · CVE-2026-10786 Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileg
MED · CVE-2026-10544 Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Serv
CVE-2026-8913 A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutra
HIGH · CVE-2026-11556 A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file
CVE-2026-11555 A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file
MED · CVE-2026-11554 A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/v
HIGH · CVE-2026-11553 A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file
MED · CVE-2026-11552 A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Lea
HIGH · CVE-2026-48507 Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user ho
HIGH · CVE-2026-46481 OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION
CVE-2026-46314 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to preven
CVE-2026-46313 In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference I
CVE-2026-46312 In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
CVE-2026-46311 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping
CVE-2026-46310 In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on mod
CVE-2026-46309 In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cach
CVE-2026-46308 In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_ge
CVE-2026-46307 In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent repor
CVE-2026-46306 In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RF

1897 General · 581 Vulnerability Disclosure · 536 CVE · 353 Campaigns · 245 Data Breach · 226 Malware

Latest News

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, ...

Rapid7 Blog →

Data Breaches