/

Threat Intelligence Feed

Aggregating 4923 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Zero-Day Ransomware
LATEST CVEs
MED · CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of t HIGH · CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the f CRIT · CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentic HIGH · CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x b HIGH · CVE-2026-5513 The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Sc MED · CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che CVE-2026-11624 The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming conne MED · CVE-2026-9629 The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up MED · CVE-2026-3297 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scri MED · CVE-2026-2470 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorizatio MED · CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcod HIGH · CVE-2026-9109 The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vu CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing h CVE-2026-9061 The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and o CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path HIGH · CVE-2026-9848 The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in vers MED · CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script HIGH · CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts wr HIGH · CVE-2026-54229 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump direc HIGH · CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Betwee MED · CVE-2026-12089 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in v CVE-2026-11443 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote at CVE-2026-11442 Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attacker HIGH · CVE-2026-6676 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may HIGH · CVE-2026-12068 Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacke HIGH · CVE-2025-9033 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Loca HIGH · CVE-2025-9032 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may all HIGH · CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malforme CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions t CVE-2026-54095 Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate i HIGH · CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary MED · CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remo MED · CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching host CRIT · CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes CVE-2026-53837 OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to va HIGH · CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows MED · CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that HIGH · CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allow HIGH · CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows auth HIGH · CVE-2026-53832 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge
2060 General 621 Vulnerability Disclosure 593 CVE 380 Campaigns 267 Data Breach 252 Malware

Trending Vendors

Microsoft (584) Google (295) Amazon (197) Intel (153) Apple (124) Linux (115) Cisco (107) GitHub (92) Palo Alto Networks (92) Oracle (57) Check Point (42) WordPress (40) Cloudflare (35) Rapid7 (33) Ivanti (26)

Latest News

Trail of Bits TTPs

Extending Ruzzy with LibAFL

LibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims...

Trail of Bits →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA