Threat Intelligence Feed

Aggregating 8220 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-59954 Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior CRIT · CVE-2026-52843 Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest u CRIT · CVE-2026-52842 Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the en MED · CVE-2026-49997 SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Docum HIGH · CVE-2026-48799 Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authentic CVE-2026-47703 AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggere HIGH · CVE-2026-45804 Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.from_pretraine HIGH · CVE-2026-45793 Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConf HIGH · CVE-2026-20187 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20158 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20157 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20156 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20153 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c HIGH · CVE-2026-20150 As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has c MED · CVE-2026-20146 A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a CVE-2026-1563 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a u CVE-2026-1562 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user MED · CVE-2025-32781 Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior CVE-2026-9007 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL MED · CVE-2026-62843 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec HIGH · CVE-2026-62685 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec CVE-2026-62683 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec CVE-2026-61828 Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and CVE-2026-61605 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-58655. Reason: This candidate is a HIGH · CVE-2026-61371 Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/ HIGH · CVE-2026-60005 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and HIGH · CVE-2026-55242 ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated use CRIT · CVE-2026-50148 Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.2 HIGH · CVE-2026-50147 Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1. HIGH · CVE-2026-47164 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the MED · CVE-2026-47160 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/{domain}/icon.png en CVE-2026-47159 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-valid HIGH · CVE-2026-47158 Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did HIGH · CVE-2026-46709 Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths HIGH · CVE-2026-45806 Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import pa HIGH · CVE-2026-45805 Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/serve CVE-2026-45150 Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security no CRIT · CVE-2026-44986 Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitation MED · CVE-2026-41580 Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirl CVE-2026-62294 Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to
3631 General 949 Vulnerability Disclosure 894 CVE 669 Campaigns 432 Data Breach 431 Malware

Trending Vendors

Latest News

Data Breaches