Threat Intelligence Feed

Aggregating 4012 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-5721 The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stor
CVE-2026-34082 Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<ap
CVE-2026-6729 HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated
CVE-2026-29643 XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) c
CVE-2026-22051 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Di
CVE-2026-0930 Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated us
CVE-2026-5928 Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between
CVE-2026-5450 Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version
CVE-2026-5358 The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data
CVE-2026-4852 The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-34403 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui u
CVE-2026-33626 LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Ser
CVE-2026-33432 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8
CVE-2026-33431 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POS
CVE-2026-33031 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an adminis
CVE-2026-32613 Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring
CVE-2026-32604 Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2
CVE-2026-29648 In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcf
CVE-2026-29647 In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state
CVE-2026-29646 In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to t
CVE-2026-29642 A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted
CVE-2026-6550 Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and
CVE-2026-6257 Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing re
CVE-2026-6249 Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated att
CVE-2026-5478 The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and incl
CVE-2026-32311 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and veri
CVE-2026-32135 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggera
CVE-2026-29649 NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related f
CVE-2026-29645 NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV)
CVE-2026-6248 The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. Th
CVE-2026-6060 A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a
CVE-2025-11249 Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414.
CVE-2026-41389 OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing
CVE-2026-39112 Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in
CVE-2026-39111 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the ema
CVE-2026-39110 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the con
CVE-2026-39109 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the
CVE-2026-26399 A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function
CVE-2026-23758 GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows
CVE-2026-23757 GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title p
1709 General 476 Vulnerability Disclosure 462 CVE 327 Campaigns 223 Data Breach 209 Malware

Latest News

Data Breaches

Next.js Creator Vercel Hacked

Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million. The post Next.

SecurityWeek →