Threat Intelligence Feed

Aggregating 4527 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-9754 An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted is
HIGH · CVE-2026-9753 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed
MED · CVE-2026-9752 An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSO
MED · CVE-2026-9751 The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mon
MED · CVE-2026-9750 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfe
MED · CVE-2026-9749 This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-ran
MED · CVE-2026-9748 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index st
MED · CVE-2026-9747 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
MED · CVE-2026-9746 When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which
MED · CVE-2026-9743 In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines
HIGH · CVE-2026-9742 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of th
MED · CVE-2026-9741 A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side F
HIGH · CVE-2026-9740 A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by
MED · CVE-2026-9735 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication.
MED · CVE-2026-46433 lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips
HIGH · CVE-2026-46374 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
HIGH · CVE-2026-46373 SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to vers
CVE-2026-44963 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2026-10238 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MED · CVE-2026-47905 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47904 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
MED · CVE-2026-47903 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
MED · CVE-2026-47902 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34713 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consu
HIGH · CVE-2026-34712 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation v
HIGH · CVE-2026-34711 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparo
MED · CVE-2026-34657 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pa
MED · CVE-2026-34417 OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbit
MED · CVE-2026-25860 OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that al
CRIT · CVE-2026-48303 Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerabil
HIGH · CVE-2026-48292 Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
HIGH · CVE-2026-48291 Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result i
MED · CVE-2026-47961 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that
HIGH · CVE-2026-47960 ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference
HIGH · CVE-2026-47959 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerabili
HIGH · CVE-2026-47955 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could
HIGH · CVE-2026-47952 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerabilit
CRIT · CVE-2026-47938 Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF)
HIGH · CVE-2026-47937 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulne
MED · CVE-2026-47933 ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that c
1883 General 581 Vulnerability Disclosure 561 CVE 352 Campaigns 245 Data Breach 227 Malware

Latest News

AI red teaming comes of age

When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to wor...

CSO Online →

Data Breaches