Threat Intelligence Feed

Aggregating 4436 articles from trusted cybersecurity sources

/
LATEST CVEs
CVE-2026-6175 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-42171 NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_s CVE-2026-41481 LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTM CVE-2026-41478 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a CVE-2026-41473 CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints CVE-2026-41472 CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where CVE-2026-41248 Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c CVE-2026-6968 Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated si CVE-2026-6967 Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 CVE-2026-6966 Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v CVE-2026-41503 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea CVE-2026-41502 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of CVE-2026-41477 Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and ex CVE-2026-41476 Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's c CVE-2026-41475 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea CVE-2026-41433 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to befo CVE-2026-41429 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr CVE-2026-41428 Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expr CVE-2026-41427 Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option d CVE-2026-41426 pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered e CVE-2026-41425 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection CVE-2026-41244 Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the Ci CVE-2026-41907 uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buf CVE-2026-41894 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a d CVE-2026-41492 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through CVE-2026-41421 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messa CVE-2026-41419 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an CVE-2026-41418 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumerat CVE-2026-41416 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer CVE-2026-41415 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-b CVE-2026-41414 Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.ym CVE-2026-41328 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi CVE-2026-41327 Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi CVE-2026-41326 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) th CVE-2026-33666 Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18. CVE-2026-33662 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte CVE-2026-33524 Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18. CVE-2026-42044 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulne CVE-2026-42043 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influe
1885 General 516 Vulnerability Disclosure 508 CVE 363 Campaigns 256 Data Breach 241 Malware

Trending Vendors

Microsoft (427) Google (266) Apple (196) Amazon (175) Intel (147) Cisco (115) GitHub (54) Cloudflare (48) Fortinet (44) Linux (43) Oracle (37) Palo Alto Networks (35) WordPress (33) Check Point (31) F5 (31)

Latest News

Rapid7 Blog Vulnerability Disclosure Rapid7

Metasploit Wrap-Up 04/25/2026

Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability...

Rapid7 Blog →

Data Breaches