Threat Intelligence Feed

Aggregating 5575 articles from trusted cybersecurity sources

LATEST CVEs
- HIGH · CVE-2026-56082 Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST
- CRIT · CVE-2026-56081 Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound
- MED · CVE-2026-56080 Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and
- MED · CVE-2026-56079 Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-
- CRIT · CVE-2026-56073 Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypa
- HIGH · CVE-2026-50559 Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3,
- MED · CVE-2026-50519 Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized at
- HIGH · CVE-2026-49346 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream wi
- MED · CVE-2026-49337 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265
- HIGH · CVE-2026-49295 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream c
- CVE-2026-48794 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-o
- CRIT · CVE-2026-48584 Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a networ
- CRIT · CVE-2026-48582 Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
- MED · CVE-2026-48129 Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kes
- HIGH · CVE-2026-47645 Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized atta
- CVE-2026-47203 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-o
- CRIT · CVE-2026-45480 Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- MED · CVE-2026-42895 Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut
- HIGH · CVE-2026-32208 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based)
- CVE-2026-49345 Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19,
- CVE-2026-49344 Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19,
- MED · CVE-2026-49342 YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache
- CVE-2026-48787 gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to t
- HIGH · CVE-2026-48774 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MC
- CRIT · CVE-2026-48773 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authenticat
- CRIT · CVE-2026-48772 ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL
- CVE-2026-48715 radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contai
- CVE-2026-48089 DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instanc
- CVE-2026-9375 urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when u
- HIGH · CVE-2026-49340 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic e
- HIGH · CVE-2026-49339 gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6
- HIGH · CVE-2026-49338 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subso
- CVE-2026-49336 @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-prev
- HIGH · CVE-2026-49293 js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 pa
- HIGH · CVE-2026-49291 mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpo
- MED · CVE-2026-49288 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Con
- MED · CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive
- MED · CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller sto
- MED · CVE-2026-12238 The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up t
- HIGH · CVE-2023-54357 Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attacker
Categories: General (2369), Vulnerability Disclosure (682), CVE (640), Campaigns (437), Data Breach (312), Malware (294)

Latest News

Quantum Risk Explained

Learn how the "Harvest Now, Decrypt Later" (HNDL) risk exposes long-lived sensitive data today, regardless of when Cryptographically Relevant Quantum Compute...

Recorded Future →