Threat Intelligence Feed

Aggregating 8180 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-14503 The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inc HIGH · CVE-2026-13765 The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive HIGH · CVE-2026-13352 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePres MED · CVE-2026-8616 The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing c HIGH · CVE-2026-15395 The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting MED · CVE-2026-15160 The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and incl MED · CVE-2026-15159 The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up MED · CVE-2026-11324 The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are vulnerable to Reflected Cros HIGH · CVE-2026-62387 The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: * as its default C HIGH · CVE-2026-62386 The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query CRIT · CVE-2026-62241 clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') CVE-2026-62238 OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint MED · CVE-2026-62237 Grav before 2.0.4 contains a regular expression denial of service (ReDoS) vulnerability in the regex_replace filter and MED · CVE-2026-62236 grav-plugin-login before 3.8.11 contains a cross-site request forgery (CSRF) vulnerability in the login.regenerate2FASec MED · CVE-2026-62235 Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that al HIGH · CVE-2026-62234 Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.w HIGH · CVE-2026-62233 grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints HIGH · CVE-2026-62232 Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FAS HIGH · CVE-2026-62231 The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 contains an authorization bypass: API keys can be created wit HIGH · CVE-2026-62230 Grav before 2.0.4 ships a default .htaccess (and reference webserver-configs/htaccess.txt) whose rules blocking access t HIGH · CVE-2026-62229 OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lowe HIGH · CVE-2026-62228 OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust ca HIGH · CVE-2026-62227 OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that HIGH · CVE-2026-62226 OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to MED · CVE-2026-62225 OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows l MED · CVE-2026-62224 OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mu HIGH · CVE-2026-62223 OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows HIGH · CVE-2026-62222 OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plu MED · CVE-2026-62221 OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect authorization vulnerability in the ClickClack allowFrom feature MED · CVE-2026-62220 OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limit HIGH · CVE-2026-62219 OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validatio HIGH · CVE-2026-62218 OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature tha HIGH · CVE-2026-62217 OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the f MED · CVE-2026-62216 OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or c HIGH · CVE-2026-62215 OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lo MED · CVE-2026-62214 OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-t MED · CVE-2026-62213 OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower HIGH · CVE-2026-62212 OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected fea MED · CVE-2026-62211 OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature t MED · CVE-2026-62210 OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-rea
3594 General 951 Vulnerability Disclosure 897 CVE 667 Campaigns 433 Malware 432 Data Breach

Trending Vendors

Latest News

Data Breaches