Threat Intelligence Feed

Aggregating 8101 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-59954 Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior CRIT · CVE-2026-52843 Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest u CRIT · CVE-2026-52842 Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the en MED · CVE-2026-49997 SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Docum HIGH · CVE-2026-48799 Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authentic CVE-2026-47703 AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggere HIGH · CVE-2026-45804 Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.from_pretraine HIGH · CVE-2026-45793 Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConf HIGH · CVE-2026-20187 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20158 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20157 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20156 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20153 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20150 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c MED · CVE-2026-20146 A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a CVE-2026-1563 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a u CVE-2026-1562 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user MED · CVE-2025-32781 Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior CVE-2026-9007 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL MED · CVE-2026-62843 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec HIGH · CVE-2026-62685 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec CVE-2026-62683 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec CVE-2026-61828 Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and CVE-2026-61605 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-58655. Reason: This candidate is a HIGH · CVE-2026-61371 Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/ HIGH · CVE-2026-60005 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and HIGH · CVE-2026-55242 ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated use CRIT · CVE-2026-50148 Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.2 HIGH · CVE-2026-50147 Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1. HIGH · CVE-2026-47164 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the MED · CVE-2026-47160 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png en CVE-2026-47159 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-valid HIGH · CVE-2026-47158 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did HIGH · CVE-2026-46709 Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths HIGH · CVE-2026-45806 Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import pa HIGH · CVE-2026-45805 Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/serve CVE-2026-45150 Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security no CRIT · CVE-2026-44986 Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitation MED · CVE-2026-41580 Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirl CVE-2026-62294 Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to
3573 General 944 Vulnerability Disclosure 888 CVE 658 Campaigns 424 Data Breach 424 Malware

Trending Vendors

Latest News

Siemens SIMATIC

View CSAF Summary SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiali...

CISA Advisories →

Siemens Ruggedcom Rox

View CSAF Summary Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker t...

CISA Advisories →

Siemens Simcenter Femap

View CSAF Summary Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application rea...

T1190

CISA Advisories →

Siemens Ruggedcom Rox

View CSAF Summary Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote a...

CISA Advisories →

Siemens Teamcenter

View CSAF Summary Siemens Teamcenter is affected by multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and conf...

3 IOCs

CISA Advisories →

Siemens Solid Edge

View CSAF Summary Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specia...

CISA Advisories →

Siemens Opcenter RDnL

View CSAF Summary Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adja...

CISA Advisories →

Siemens Ruggedcom Rox

View CSAF Summary Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files w...

CISA Advisories →

Siemens SIMATIC S7 PLC Web Server

View CSAF Summary SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Si...

CISA Advisories →

Data Breaches