/

Threat Intelligence Feed

Aggregating 3074 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Ransomware Zero-Day
LATEST CVEs
CVE-2026-25608 STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middl CVE-2026-25607 Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzin CVE-2026-25606 A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multip HIGH · CVE-2026-9011 The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in al MED · CVE-2026-8692 The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to MED · CVE-2026-8684 The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includ HIGH · CVE-2026-8679 The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including MED · CVE-2026-8381 A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain bac MED · CVE-2026-7798 The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin f MED · CVE-2026-7636 The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Informat MED · CVE-2026-7615 The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including CVE-2026-5072 A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potenti MED · CVE-2026-9104 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up HIGH · CVE-2026-9018 The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation MED · CVE-2026-7509 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` short MED · CVE-2026-7249 The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability c MED · CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' param MED · CVE-2026-4070 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl MED · CVE-2026-44409 There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control m MED · CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in al MED · CVE-2026-2518 The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing ca CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel p CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website wi HIGH · CVE-2026-4834 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, CVE-2026-46598 For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafte CVE-2026-46595 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of cal CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and CVE-2026-39835 SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be c CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ CVE-2026-39831 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did CVE-2026-39830 A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection CVE-2026-39829 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive CVE-2026-39828 When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were CVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr CVE-2026-9264 A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution an HIGH · CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un CRIT · CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS
1263 General 397 Vulnerability Disclosure 396 CVE 225 Campaigns 175 Data Breach 153 Malware

Trending Vendors

Microsoft (368) Google (176) Amazon (129) Apple (87) Intel (85) Linux (83) Cisco (78) GitHub (69) Palo Alto Networks (65) Oracle (31) Cloudflare (23) F5 (23) Check Point (21) Trend Micro (21) Rapid7 (19)

Latest News

Trail of Bits TTPs

Extending Ruzzy with LibAFL

LibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims...

Trail of Bits →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA