Threat Intelligence Feed

Aggregating 6189 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arb
HIGH · CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to t
HIGH · CVE-2026-33560 The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which a
HIGH · CVE-2026-31928 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are
CRIT · CVE-2026-28701 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape
HIGH · CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAu
MED · CVE-2026-53577 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution
CRIT · CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for
CVE-2026-50767 A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System
CVE-2026-50766 A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through
CVE-2026-50765 Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management S
HIGH · CVE-2026-49984 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage ba
CRIT · CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestr
HIGH · CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints
CVE-2026-38571 Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands,
CVE-2026-36908 A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8
CVE-2026-36907 A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9 allows attackers t
CVE-2026-36478 An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsSer
HIGH · CVE-2026-54353 Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypas
CRIT · CVE-2026-54352 Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/ro
HIGH · CVE-2026-54351 Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly acce
CRIT · CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase ap
CVE-2026-52885 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk
HIGH · CVE-2026-52884 Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the pa
CVE-2026-50137 Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a worksp
HIGH · CVE-2026-50136 Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoin
HIGH · CVE-2026-50132 Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a publi
HIGH · CVE-2026-48800 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDef
HIGH · CVE-2026-48778 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter">
MED · CVE-2026-48770 Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Window
CVE-2026-46710 Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege esc
CVE-2026-46604 The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2026-39031 Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt crede
CVE-2026-38641 An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS)
CVE-2026-38639 An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
MED · CVE-2024-23581 The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized
MED · CVE-2026-55838 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint
HIGH · CVE-2026-55189 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP fronten
HIGH · CVE-2026-55188 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an a
CVE-2026-53324 In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory nam

2642 General · 741 Vulnerability Disclosure · 721 CVE · 491 Campaigns · 347 Data Breach · 323 Malware

Latest News

#StopRansomware: Interlock

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...

US-CERT Alerts →

Data Breaches