Threat Intelligence Feed

CRIT · CVE-2026-39955 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQ CVE-2026-39948 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request pa CRIT · CVE-2026-39938 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI t CVE-2026-39900 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflecte CVE-2026-39899 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Tra CVE-2025-8106 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-60474 A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allo CVE-2025-60467 A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. CVE-2026-9778 ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote a CVE-2026-9777 ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attacker CVE-2026-9776 ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attack CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote at CVE-2026-9773 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote at CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att HIGH · CVE-2026-55762 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, HIGH · CVE-2026-55759 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, CVE-2026-55666 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, CRIT · CVE-2026-55570 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields ( CVE-2026-55455 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filte CRIT · CVE-2026-55454 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-pr CVE-2026-54759 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <if CRIT · CVE-2026-54158 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell render HIGH · CVE-2026-54070 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/read CVE-2026-54069 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server uncondit MED · CVE-2026-54068 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is CRIT · CVE-2026-54067 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> brea HIGH · CVE-2026-54066 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Trave MED · CVE-2026-53766 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From MED · CVE-2026-53765 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From HIGH · CVE-2026-52794 Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Se CRIT · CVE-2026-50551 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scrip CVE-2026-50189 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled superviso CVE-2026-49979 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send MED · CVE-2026-47110 Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to ca CVE-2026-47093 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-39897 Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vu CVE-2026-39894 Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent d CRIT · CVE-2026-39893 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request va CRIT · CVE-2026-39955 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQ CVE-2026-39948 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request pa CRIT · CVE-2026-39938 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI t CVE-2026-39900 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflecte CVE-2026-39899 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Tra CVE-2025-8106 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-60474 A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allo CVE-2025-60467 A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. CVE-2026-9778 ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote a CVE-2026-9777 ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attacker CVE-2026-9776 ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attack CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote at CVE-2026-9773 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote at CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att HIGH · CVE-2026-55762 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, HIGH · CVE-2026-55759 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, CVE-2026-55666 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, CRIT · CVE-2026-55570 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields ( CVE-2026-55455 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filte CRIT · CVE-2026-55454 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-pr CVE-2026-54759 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <if CRIT · CVE-2026-54158 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell render HIGH · CVE-2026-54070 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/read CVE-2026-54069 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server uncondit MED · CVE-2026-54068 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is CRIT · CVE-2026-54067 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> brea HIGH · CVE-2026-54066 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Trave MED · CVE-2026-53766 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From MED · CVE-2026-53765 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From HIGH · CVE-2026-52794 Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Se CRIT · CVE-2026-50551 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scrip CVE-2026-50189 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled superviso CVE-2026-49979 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send MED · CVE-2026-47110 Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to ca CVE-2026-47093 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-39897 Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vu CVE-2026-39894 Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent d CRIT · CVE-2026-39893 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request va