/

Threat Intelligence Feed

Aggregating 5611 articles from trusted cybersecurity sources

/
All General Vulnerability Disclosure CVE Campaigns Data Breach Malware Zero-Day Ransomware
LATEST CVEs
CVE-2026-12845 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r MED · CVE-2026-12814 A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bi MED · CVE-2026-12813 A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the CVE-2026-12812 A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of th MED · CVE-2026-12811 A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/rou MED · CVE-2026-12810 A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of th MED · CVE-2026-12809 A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /gofo MED · CVE-2026-12808 A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainf MED · CVE-2026-12807 A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of th HIGH · CVE-2026-12806 A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the MED · CVE-2026-12805 A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library MED · CVE-2026-12804 A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-p MED · CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking MED · CVE-2026-56411 xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. MED · CVE-2026-56410 xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. MED · CVE-2026-56409 xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. MED · CVE-2026-56408 libexpat before 2.8.2 has an integer overflow in copyString. MED · CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. MED · CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse MED · CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId. MED · CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding. MED · CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts. CRIT · CVE-2026-56397 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious HIGH · CVE-2026-56396 phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that CRIT · CVE-2026-56395 SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious MED · CVE-2026-56394 Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the ex MED · CVE-2026-56393 Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site MED · CVE-2026-56385 Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/pre MED · CVE-2026-56384 Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user with MED · CVE-2026-56383 Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the HIGH · CVE-2026-56382 Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability MED · CVE-2026-56381 Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where CVE-2026-56378 ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage CVE-2026-56367 ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding pat MED · CVE-2026-56316 Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint t MED · CVE-2026-56299 Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows CRIT · CVE-2026-56265 Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the HIGH · CVE-2026-56253 Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that MED · CVE-2026-56251 Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users HIGH · CVE-2026-56242 Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns th
2381 General 685 Vulnerability Disclosure 643 CVE 443 Campaigns 316 Data Breach 296 Malware

Trending Vendors

Microsoft (667) Google (340) Amazon (226) Intel (176) Apple (141) Cisco (125) Linux (118) Palo Alto Networks (102) GitHub (101) Oracle (70) WordPress (56) Check Point (48) Cloudflare (42) Fortinet (35) Rapid7 (35)

Latest News

Data Breaches

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA