Vercel confirms April 2026 security incident linked to third-party AI tool
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclo...
Threat Intelligence Feed
Aggregating 4087 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-5921
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker t
CVE-2026-5845
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server
CVE-2026-5512
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacke
CVE-2026-4872
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4821
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an
CVE-2026-4296
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to byp
CVE-2026-41063
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSa
CVE-2026-41062
WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in comm
CVE-2026-41061
WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/vide
CVE-2026-41060
WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/fun
CVE-2026-41058
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `del
CVE-2026-41057
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e
CVE-2026-41056
WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in
CVE-2026-41055
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks p
CVE-2026-40935
WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA l
CVE-2026-40929
WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mu
CVE-2026-40928
WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/
CVE-2026-40926
WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/cat
CVE-2026-3307
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin acc
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic
CVE-2026-6830
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear envi
CVE-2026-6829
nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or chan
CVE-2026-6799
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of
CVE-2026-41527
KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there i
CVE-2026-40946
Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets
CVE-2026-40945
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token
CVE-2026-40944
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configurati
CVE-2026-40943
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing
CVE-2026-40942
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Pr
CVE-2026-40939
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Pr
CVE-2026-40933
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe s
CVE-2026-40931
Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 rel
CVE-2026-40706
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that al
CVE-2026-1354
Zero Motorcycles firmware versions 44 and prior enable an attacker to
forcibly pair a device with the motorcycle via Bl
CVE-2026-6823
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote cha
CVE-2026-6797
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function Zip
CVE-2026-6796
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file cor
CVE-2026-40938
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0,
CVE-2026-40927
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page,
CVE-2026-40925
WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also r
Latest News
No articles found.
Data Breaches
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
The French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical i...
Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
A group of unauthorized users has successfully bypassed access controls to reach Claude Mythos Preview, Anthropic’s closely guarded cybersecurity AI. This br...
Over 400K records allegedly stolen from major Dutch webshop Bol, data leaked
Major Dutch online store Bol, which also operates in Belgium, had information from more than 400,000 of its Belgian users allegedly compromised by the hacker...
French govt agency confirms breach as hacker offers to sell data
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed th...
Seiko USA website defaced, customer data breach claimed
The attackers asserted they breached Seiko USA's Shopify backend, exfiltrating sensitive customer data including names, email addresses, phone numbers, order...
Cloud platform Vercel says company breached through third-party AI tool
Vercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.
Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach
Grinex exchange collapses after $13.7M breach, blames Western spies as Chainalysis flags possible exit scam and sanctions evasion network links claims.
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
Cloud app developer Vercel appears to have suffered a security breach
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revea...
Trio of new Windows vulnerabilities under active exploitation
TechCrunch reports that attacks weaponizing the Windows Defender security vulnerabilities BlueHammer, UnDefend, and RedSun which have had their proof-of-conc...
Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved
Vercel confirms a breach linked to Context.ai as a hacker lists alleged data for $2M.