Threat Intelligence Feed

Aggregating 7486 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-55175 Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, a HIGH · CVE-2026-44383 Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to de HIGH · CVE-2026-42952 Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could al CRIT · CVE-2026-20744 The charging station websocket endpoint accepts connections without proper authentication, which could lead to privileg CVE-2026-15089 vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *. CVE-2026-15087 vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. CVE-2026-15086 vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter CRIT · CVE-2026-14480 OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload wor CVE-2026-14286 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2026-11915 vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions CVE-2026-11914 vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. CVE-2026-11913 vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. CVE-2026-59155 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET CVE-2026-58591 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox al CVE-2026-58590 Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: f CVE-2026-58589 Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: f CVE-2026-58588 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canv CVE-2026-58587 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canv CVE-2026-58503 Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via CVE-2026-57584 Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a def CVE-2026-55884 Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP CVE-2026-55883 Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebS CVE-2026-55882 Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD serv CVE-2026-55852 Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Imp CVE-2026-55810 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphin CVE-2026-55809 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance f CVE-2026-55808 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core CVE-2026-55807 Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue af CVE-2026-55806 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This is CVE-2026-55804 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow CVE-2026-55803 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow MED · CVE-2026-55187 Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is CVE-2026-54736 Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the MED · CVE-2026-52761 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0. HIGH · CVE-2026-52747 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to CVE-2026-49844 Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces CVE-2026-49394 Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the update_pag HIGH · CVE-2026-49213 TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHtt CVE-2026-48127 Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without write access could attach CVE-2026-47422 Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked approp
3288 General 883 Vulnerability Disclosure 814 CVE 612 Campaigns 400 Data Breach 384 Malware

Trending Vendors

Latest News

Data Breaches