Threat Intelligence Feed

Aggregating 6743 articles from trusted cybersecurity sources

LATEST CVEs
CRIT · CVE-2026-57100 Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to
HIGH · CVE-2026-54998 Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CRIT · CVE-2026-45499 Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CRIT · CVE-2026-41106 Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privilege
MED · CVE-2026-26145 Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
HIGH · CVE-2026-50722 Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding o
HIGH · CVE-2026-50721 Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authen
HIGH · CVE-2026-12413 An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation wou
HIGH · CVE-2026-58460 react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious applicat
CRIT · CVE-2026-52830 fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining t
CVE-2026-52192 An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead
CVE-2026-52191 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of s
CVE-2026-52189 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of s
CVE-2026-52188 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of s
CVE-2026-38972 Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Not
CVE-2026-38971 ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_contr
CVE-2026-38970 pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The pars
CVE-2026-38969 ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smugg
CVE-2026-38968 ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session ide
MED · CVE-2026-59102 Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execut
MED · CVE-2026-59101 AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote
MED · CVE-2026-59100 LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to
CRIT · CVE-2026-59099 Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to
MED · CVE-2026-59098 LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic sea
MED · CVE-2026-59097 Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to creat
HIGH · CVE-2026-59096 Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document
HIGH · CVE-2026-59095 LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attacker
HIGH · CVE-2026-59094 Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed docume
HIGH · CVE-2026-59093 Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted
HIGH · CVE-2026-59092 JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthentica
MED · CVE-2026-58580 LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel.
MED · CVE-2026-58579 RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalize
MED · CVE-2026-58578 LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service (ReDoS) vulnerability that allo
HIGH · CVE-2026-58467 Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthentica
CRIT · CVE-2026-58466 AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers t
MED · CVE-2026-58381 A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function whe
CVE-2026-52187 Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of s
MED · CVE-2025-71385 Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoi
HIGH · CVE-2026-7311 The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to in
HIGH · CVE-2026-58465 Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 hand

2929 General · 792 Vulnerability Disclosure · 766 CVE · 537 Campaigns · 371 Data Breach · 342 Malware

Trending Vendors

Latest News

Data Breaches