/

Threat Intelligence Feed

Aggregating 4921 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Zero-Day Ransomware
LATEST CVEs
HIGH · CVE-2026-6676 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may HIGH · CVE-2026-12068 Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacke HIGH · CVE-2025-9033 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Loca HIGH · CVE-2025-9032 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may all HIGH · CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malforme CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions t CVE-2026-54095 Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate i HIGH · CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary MED · CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remo MED · CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching host CRIT · CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes CVE-2026-53837 OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to va HIGH · CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows MED · CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that HIGH · CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allow HIGH · CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows auth HIGH · CVE-2026-53832 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge HIGH · CVE-2026-53831 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that a MED · CVE-2026-53830 OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and HIGH · CVE-2026-53829 OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide com HIGH · CVE-2026-53828 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authentic MED · CVE-2026-53827 OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-con MED · CVE-2026-53826 OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes th MED · CVE-2026-53825 OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows aut MED · CVE-2026-53824 OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to contin HIGH · CVE-2026-53823 OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Sl HIGH · CVE-2026-53822 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between appro HIGH · CVE-2026-53821 OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or MED · CVE-2026-53820 OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path t CRIT · CVE-2026-53609 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.se HIGH · CVE-2026-53608 ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostroph MED · CVE-2026-53523 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to be MED · CVE-2026-53522 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to be MED · CVE-2026-53521 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to b MED · CVE-2026-53520 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to b CRIT · CVE-2026-53519 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, MED · CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to be HIGH · CVE-2026-49396 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to be HIGH · CVE-2026-48119 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to b MED · CVE-2026-47268 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to b
2060 General 621 Vulnerability Disclosure 593 CVE 380 Campaigns 267 Data Breach 252 Malware

Trending Vendors

Microsoft (584) Google (295) Amazon (197) Intel (153) Apple (124) Linux (115) Cisco (107) GitHub (92) Palo Alto Networks (92) Oracle (57) Check Point (41) WordPress (40) Cloudflare (35) Rapid7 (33) Ivanti (26)

Latest News

Recorded Future Vulnerability Disclosure

From Bazooka to Fake Nikes

A deep dive into business impersonation fraud — from fake companies cashing stolen checks to AI-powered shopping scams — and why the same vulnerability enabl...

Recorded Future →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA