/

Threat Intelligence Feed

Aggregating 4895 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Zero-Day Ransomware
LATEST CVEs
HIGH · CVE-2026-12191 A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the fi MED · CVE-2026-12190 A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of MED · CVE-2026-12189 A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component MED · CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the fi HIGH · CVE-2026-12187 A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknow HIGH · CVE-2026-12186 A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library HIGH · CVE-2026-54413 driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_Se HIGH · CVE-2026-54412 LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpac MED · CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-passwor HIGH · CVE-2026-54410 nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP se CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of t CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments CVE-2025-15546 The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy s MED · CVE-2026-54421 In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized f HIGH · CVE-2026-54420 LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide MED · CVE-2026-12176 A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impa MED · CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of t HIGH · CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the f CRIT · CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentic HIGH · CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x b HIGH · CVE-2026-5513 The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Sc MED · CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che CVE-2026-11624 The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming conne MED · CVE-2026-9629 The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up MED · CVE-2026-3297 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scri MED · CVE-2026-2470 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorizatio MED · CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcod HIGH · CVE-2026-9109 The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vu CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing h CVE-2026-9061 The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and o CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path HIGH · CVE-2026-9848 The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in vers MED · CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script HIGH · CVE-2026-54230 A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts wr HIGH · CVE-2026-54229 A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump direc HIGH · CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Betwee MED · CVE-2026-12089 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in v CVE-2026-11443 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote at CVE-2026-11442 Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attacker HIGH · CVE-2026-6676 Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may
2035 General 618 Vulnerability Disclosure 595 CVE 381 Campaigns 267 Data Breach 255 Malware

Trending Vendors

Microsoft (587) Google (294) Amazon (197) Intel (154) Apple (120) Linux (115) Cisco (107) Palo Alto Networks (96) GitHub (93) Oracle (54) Check Point (42) WordPress (40) Cloudflare (35) Rapid7 (33) Ivanti (26)

Latest News

Recorded Future General

Remembering Sir Alex Younger

A personal tribute to Sir Alex Younger, former head of MI6, on the friendship, lessons, and clarity he brought to Recorded Future and to those who knew him.

Recorded Future →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA