/

Threat Intelligence Feed

Aggregating 3530 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Ransomware Zero-Day
LATEST CVEs
CRIT · CVE-2026-45625 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-bas CVE-2026-45577 Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public HIGH · CVE-2026-44697 Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial- CVE-2026-43917 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware HIGH · CVE-2026-10108 xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint th HIGH · CVE-2026-10107 MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated HIGH · CVE-2026-10105 agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inj MED · CVE-2026-10070 A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of CVE-2026-9194 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r HIGH · CVE-2026-48501 GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization h CRIT · CVE-2026-45663 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability HIGH · CVE-2026-45662 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dok CRIT · CVE-2026-44962 Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied HIGH · CVE-2026-39276 The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrator MED · CVE-2026-39229 Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated atta CVE-2026-36324 SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of use HIGH · CVE-2026-35674 OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped client MED · CVE-2026-35673 OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows re HIGH · CVE-2026-35630 OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to MED · CVE-2026-34507 OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated sende CVE-2026-33386 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malici CVE-2026-33384 QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same MED · CVE-2026-32906 OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-autho HIGH · CVE-2026-32905 OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows no MED · CVE-2026-10101 ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pul MED · CVE-2026-10099 XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_s HIGH · CVE-2026-10069 A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/m HIGH · CVE-2026-10068 A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of HIGH · CVE-2026-10067 A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The mani HIGH · CVE-2026-10066 A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the HIGH · CVE-2026-10065 A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file MED · CVE-2026-10064 A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file HIGH · CVE-2018-25404 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25403 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25402 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25401 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25400 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25399 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb HIGH · CVE-2018-25398 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb MED · CVE-2018-25397 PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administra
1454 General 455 Vulnerability Disclosure 440 CVE 264 Campaigns 201 Data Breach 183 Malware

Trending Vendors

Microsoft (414) Google (205) Amazon (151) Intel (99) Apple (95) Linux (91) Cisco (82) GitHub (76) Palo Alto Networks (71) Oracle (33) Cloudflare (25) Rapid7 (25) Check Point (23) F5 (23) Trend Micro (22)

Latest News

Recorded Future General

April 2026 CVE Landscape

In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded F...

Recorded Future →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA