Threat Intelligence Feed

Aggregating 8222 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-53411 A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Cl CVE-2026-45368 Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for CVE-2026-45334 Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature ret CRIT · CVE-2026-44180 Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kuber CVE-2026-44177 Kirby is an open-source content management system. In versions 5.3.0 and above but prior to 5.4.1, Kirby did not correct CVE-2026-44176 Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the `pages.access` per CVE-2026-44175 Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize CVE-2026-44174 Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes MED · CVE-2026-14782 The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Cu MED · CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on MED · CVE-2026-61378 A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to MED · CVE-2026-60073 An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB MED · CVE-2026-57896 An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corrupti HIGH · CVE-2026-55173 WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because HIGH · CVE-2026-53410 A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Cl HIGH · CVE-2026-53409 Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct HIGH · CVE-2026-44023 Docling Core defines core data types and transformations for the document processing application Docling. In versions 1. HIGH · CVE-2026-44019 Docling Core defines core data types and transformations for the document processing application Docling. In versions 2. CRIT · CVE-2026-38158 A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to acc MED · CVE-2026-36425 An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user MED · CVE-2026-33731 WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/Aut HIGH · CVE-2026-33692 WWBN AVideo is an open source video platform. Versions prior to 29.0 expose .env files to unauthenticated users through MED · CVE-2026-11889 SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation at HIGH · CVE-2024-34268 EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow CVE-2024-32389 Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attack MED · CVE-2024-32387 An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitiv HIGH · CVE-2024-32386 Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote at MED · CVE-2024-32385 An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitiv MED · CVE-2026-63397 remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed t CRIT · CVE-2026-63089 WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation CVE-2026-62994 CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreD CVE-2026-62963 Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket tr HIGH · CVE-2026-62309 CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when MED · CVE-2026-62299 CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an HIGH · CVE-2026-62290 cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the proc MED · CVE-2026-61718 bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). From 1.6.2 until 1.6.12, the BunkerWeb w HIGH · CVE-2026-61389 An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corrupt MED · CVE-2026-60140 An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corrupti HIGH · CVE-2026-60063 An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corrupt CVE-2026-55629 Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cg
3631 General 950 Vulnerability Disclosure 895 CVE 669 Campaigns 432 Data Breach 431 Malware

Trending Vendors

Latest News

Data Breaches