Threat Intelligence Feed

Aggregating 4872 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of t
HIGH · CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the f
CRIT · CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentic
HIGH · CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x b
HIGH · CVE-2026-5513 The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Sc
MED · CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che
CVE-2026-11624 The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming conne
MED · CVE-2026-9629 The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up
MED · CVE-2026-3297 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scri
MED · CVE-2026-2470 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorizatio
MED · CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcod
HIGH · CVE-2026-9109 The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vu
CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing h
CVE-2026-9061 The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and o
CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path
HIGH · CVE-2026-9848 The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in vers
MED · CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script
HIGH · CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts wr
HIGH · CVE-2026-54229 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump direc
HIGH · CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Betwee
MED · CVE-2026-12089 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in v
CVE-2026-11443 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote at
CVE-2026-11442 Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attacker
HIGH · CVE-2026-6676 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may
HIGH · CVE-2026-12068 Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacke
HIGH · CVE-2025-9033 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Loca
HIGH · CVE-2025-9032 Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may all
HIGH · CVE-2025-14098 Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malforme
CVE-2026-54398 An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions t
CVE-2026-54095 Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate i
HIGH · CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary
MED · CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remo
MED · CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching host
CRIT · CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes
CVE-2026-53837 OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to va
HIGH · CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows
MED · CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that
HIGH · CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allow
HIGH · CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows auth
HIGH · CVE-2026-53832 OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge

2023 General
617 Vulnerability Disclosure
593 CVE
379 Campaigns
266 Data Breach
253 Malware

Trending Vendors

Latest News

Data Breaches