Threat Intelligence Feed

Aggregating 2907 articles from trusted cybersecurity sources

/
LATEST CVEs
CVE-2026-5988 A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW CVE-2026-5987 A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFree CVE-2026-5986 A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the CVE-2026-5985 A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown CVE-2026-5507 When restoring a session from cache, a pointer from the serialized session data is used in a free operation without vali CVE-2026-5504 A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repe CVE-2026-5503 In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This CVE-2026-5295 A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/ CVE-2026-34424 Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected throu CVE-2026-5984 A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS CVE-2026-5983 A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo CVE-2026-5982 A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file CVE-2026-5981 A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname CVE-2026-5264 Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that CVE-2026-5263 URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification CVE-2026-40154 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted e CVE-2026-40153 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os CVE-2026-40152 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directo CVE-2026-40151 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents end CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c CVE-2026-40149 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unaut CVE-2026-40148 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registr CVE-2026-40117 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi CVE-2026-40116 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call modu CVE-2026-40115 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the e CVE-2026-40114 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in CVE-2026-40113 PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the CVE-2026-40112 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent CVE-2026-40111 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a us CVE-2026-39848 Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed CVE-2026-35646 OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that CVE-2026-35645 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSe CVE-2026-35644 OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scop CVE-2026-35642 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireM CVE-2026-35640 OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta CVE-2026-35639 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an CVE-2026-35638 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite w
1215 General 368 CVE 345 Vulnerability Disclosure 232 Campaigns 160 Malware 151 Data Breach

Trending Vendors

Microsoft (237) Google (170) Apple (128) Amazon (115) Intel (91) Cisco (84) Fortinet (35) Linux (33) GitHub (29) Check Point (26) Cloudflare (26) Rapid7 (25) Oracle (23) WordPress (23) Palo Alto Networks (22)

Latest News

Qualys Blog Vulnerability Disclosure

The Broken Physics of Remediation

The race most security programs are built around — patch faster than the attacker can exploit — was designed for a threat landscape that no longer exists. Th...

Qualys Blog →

Data Breaches