Threat Intelligence Feed

Aggregating 4212 articles from trusted cybersecurity sources

/
LATEST CVEs
CVE-2026-4049 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-41455 WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url CVE-2026-41454 WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authe CVE-2026-41314 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41313 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41312 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41177 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Sq CVE-2026-41175 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulatin CVE-2026-41172 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSR CVE-2026-41171 Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a CVE-2026-41170 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `R CVE-2026-40517 radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows CVE-2026-41168 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior CVE-2026-41167 Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jell CVE-2026-41166 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one K CVE-2026-41134 Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal CVE-2026-40937 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin CVE-2026-40882 OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses a CVE-2026-3837 An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution wh CVE-2026-34068 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-34067 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, CVE-2026-33733 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template manag CVE-2026-33656 EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formu CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim ope CVE-2026-34066 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStor CVE-2026-34065 nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prio CVE-2026-34064 nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingCon CVE-2026-34063 Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` disco CVE-2026-34062 nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and CVE-2026-33471 nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its q CVE-2026-41469 Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaSc CVE-2026-41468 Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. CVE-2026-41459 Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthentica CVE-2026-34415 Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder con CVE-2026-34414 Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connecto CVE-2026-34413 Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector CVE-2026-28950 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26. CVE-2026-26354 Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2 CVE-2026-6515 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and
1795 General 495 Vulnerability Disclosure 481 CVE 342 Campaigns 236 Data Breach 223 Malware

Trending Vendors

Microsoft (398) Google (253) Apple (183) Amazon (163) Intel (138) Cisco (103) Cloudflare (48) GitHub (45) Fortinet (44) Linux (40) Oracle (40) Palo Alto Networks (35) Check Point (31) F5 (31) WordPress (31)

Latest News

CISA Advisories Vulnerability Disclosure

Siemens Heliox EV Chargers

View CSAF Summary Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services v...

CISA Advisories →

Data Breaches