Threat Intelligence Feed

Aggregating 6424 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-8023 Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, ava
HIGH · CVE-2026-7656 The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) use
MED · CVE-2026-51219 A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows
MED · CVE-2026-51218 A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows at
MED · CVE-2026-10648 mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of sm
MED · CVE-2026-57997 Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not exp
HIGH · CVE-2026-51221 A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a D
HIGH · CVE-2026-34592 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.
MED · CVE-2026-10647 The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue()
HIGH · CVE-2026-55957 Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate
MED · CVE-2026-55956 Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ig
MED · CVE-2026-55955 Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the
CRIT · CVE-2026-55276 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisa
CRIT · CVE-2026-53434 Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connect
HIGH · CVE-2026-53404 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first cond
MED · CVE-2026-50229 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example
HIGH · CVE-2026-41896 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.
HIGH · CVE-2026-34597 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.
HIGH · CVE-2026-34594 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.
CVE-2026-13758 CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt
HIGH · CVE-2026-57919 PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DA
CRIT · CVE-2026-57498 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.
HIGH · CVE-2026-56018 JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory
HIGH · CVE-2026-56017 JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful t
CVE-2026-54889 Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scri
CVE-2026-54888 Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex
CVE-2026-53429 Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker wh
CVE-2026-53426 Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.
MED · CVE-2026-43746 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
MED · CVE-2026-43745 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.
MED · CVE-2026-43743 A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS
MED · CVE-2026-43742 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
MED · CVE-2026-43740 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.
HIGH · CVE-2026-43735 The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS
MED · CVE-2026-43734 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
MED · CVE-2026-43732 A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadO
HIGH · CVE-2026-43731 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
MED · CVE-2026-43727 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
MED · CVE-2026-43726 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a
HIGH · CVE-2026-43725 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5
2762 General 754 Vulnerability Disclosure 748 CVE 515 Campaigns 361 Data Breach 334 Malware

Latest News

HTTPS by default

One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. T...

Google Security Blog →

Data Breaches