/

Threat Intelligence Feed

Aggregating 5135 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Zero-Day Ransomware
LATEST CVEs
CVE-2026-53430 Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip CVE-2026-48854 Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers CVE-2026-48853 Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grp HIGH · CVE-2026-48723 The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions pri CVE-2026-48599 Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to acc CRIT · CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DS CVE-2026-5064 Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might all CRIT · CVE-2026-48714 i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno CRIT · CVE-2026-48713 Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missi MED · CVE-2026-48157 Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4. HIGH · CVE-2026-48017 DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate CRIT · CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the l CRIT · CVE-2026-11832 Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was genera CRIT · CVE-2026-9691 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja For CRIT · CVE-2026-52703 Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. HIGH · CVE-2026-52702 Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. HIGH · CVE-2026-52700 Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. HIGH · CVE-2026-52699 Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. HIGH · CVE-2026-52697 Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. HIGH · CVE-2026-52695 Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. HIGH · CVE-2026-52694 Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. CRIT · CVE-2026-52693 Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. HIGH · CVE-2026-52692 Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. CRIT · CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. HIGH · CVE-2026-49780 Customer Privilege Escalation in Dokan <= 5.0.2 versions. CRIT · CVE-2026-49776 Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websit MED · CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. MED · CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. CRIT · CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. CRIT · CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. CRIT · CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. CRIT · CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. CRIT · CVE-2026-49765 Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= CRIT · CVE-2026-49764 Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. CRIT · CVE-2026-49763 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. HIGH · CVE-2026-49112 Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. HIGH · CVE-2026-49110 Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. CRIT · CVE-2026-49109 Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, N CRIT · CVE-2026-49106 Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. CRIT · CVE-2026-49105 Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <=
2161 General 635 Vulnerability Disclosure 616 CVE 395 Campaigns 285 Data Breach 271 Malware

Trending Vendors

Microsoft (613) Google (314) Amazon (207) Intel (165) Apple (121) Cisco (116) Linux (116) Palo Alto Networks (99) GitHub (94) Oracle (57) Check Point (44) WordPress (43) Cloudflare (37) Rapid7 (34) Ivanti (26)

Latest News

ESET Research Campaigns

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

ESET Research →

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA