Threat Intelligence Feed

Aggregating 3589 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-49371 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49370 In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
MED · CVE-2026-49369 In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
HIGH · CVE-2026-49368 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
HIGH · CVE-2026-49367 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
HIGH · CVE-2026-49366 In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
MED · CVE-2026-47745 Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carrie
CRIT · CVE-2026-47744 Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings al
MED · CVE-2026-47742 Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (E
MED · CVE-2026-47741 Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the
HIGH · CVE-2026-47740 Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Or
HIGH · CVE-2026-46372 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
MED · CVE-2026-46344 liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prio
CVE-2026-44652 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
CVE-2026-44651 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
CRIT · CVE-2026-44650 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
CRIT · CVE-2026-44649 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
HIGH · CVE-2026-44648 SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
MED · CVE-2026-44611 Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is su
MED · CVE-2026-44518 liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prio
MED · CVE-2026-42951 An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes accoun
HIGH · CVE-2026-42941 The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password c
HIGH · CVE-2026-42929 Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
MED · CVE-2026-40425 The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive file
CRIT · CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintex
HIGH · CVE-2026-6824 A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitiza
HIGH · CVE-2026-5768 The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing p
CRIT · CVE-2026-5386 The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an
HIGH · CVE-2026-47179 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.Ge
HIGH · CVE-2026-47125 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/envi
CVE-2026-45668 Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bas
CRIT · CVE-2026-45661 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerab
MED · CVE-2026-45660 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image prox
CRIT · CVE-2026-45633 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injecti
CRIT · CVE-2026-45632 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enfor
CRIT · CVE-2026-45631 Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SEC
CRIT · CVE-2026-45630 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection
CRIT · CVE-2026-45629 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection
CRIT · CVE-2026-45628 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands
HIGH · CVE-2026-45627 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticat

1494 General
459 Vulnerability Disclosure
441 CVE
267 Campaigns
202 Data Breach
185 Malware

Trending Vendors

Latest News

Data Breaches