Threat Intelligence Feed

HIGH · CVE-2018-25405 eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arb HIGH · CVE-2026-10120 A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of HIGH · CVE-2026-10119 A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of CVE-2026-46242 In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct MED · CVE-2026-10117 A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library MED · CVE-2026-10116 A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in MED · CVE-2026-10115 A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler. MED · CVE-2026-10114 A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the lib HIGH · CVE-2026-9757 The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all ve HIGH · CVE-2026-7465 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Ex HIGH · CVE-2026-7459 The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscr MED · CVE-2026-10113 A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the libr MED · CVE-2026-5071 The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using on CVE-2026-10112 A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the compon HIGH · CVE-2026-10111 A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Logi HIGH · CVE-2026-10110 A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of MED · CVE-2026-48840 Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of unini MED · CVE-2026-9831 A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-c CVE-2026-4387 StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication s MED · CVE-2026-48811 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a MED · CVE-2026-48810 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating HIGH · CVE-2026-48557 Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanit HIGH · CVE-2026-48555 Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows rem CVE-2026-47266 Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing HIGH · CVE-2026-47123 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processin CVE-2026-46599 The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit CVE-2026-46527 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has c CVE-2026-46385 iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-contro CVE-2026-46384 iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit val CVE-2026-45700 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an CRIT · CVE-2026-45697 Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted CVE-2026-45613 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bi CRIT · CVE-2026-45372 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's se MED · CVE-2026-45352 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size i CVE-2026-45324 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cm MED · CVE-2026-45294 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset CVE-2026-45151 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can derefe MED · CVE-2026-45149 The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0. MED · CVE-2026-44640 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_ HIGH · CVE-2026-44422 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts on HIGH · CVE-2018-25405 eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arb HIGH · CVE-2026-10120 A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of HIGH · CVE-2026-10119 A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of CVE-2026-46242 In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct MED · CVE-2026-10117 A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library MED · CVE-2026-10116 A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in MED · CVE-2026-10115 A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler. MED · CVE-2026-10114 A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the lib HIGH · CVE-2026-9757 The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all ve HIGH · CVE-2026-7465 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Ex HIGH · CVE-2026-7459 The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscr MED · CVE-2026-10113 A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the libr MED · CVE-2026-5071 The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using on CVE-2026-10112 A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the compon HIGH · CVE-2026-10111 A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Logi HIGH · CVE-2026-10110 A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of MED · CVE-2026-48840 Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of unini MED · CVE-2026-9831 A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-c CVE-2026-4387 StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication s MED · CVE-2026-48811 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a MED · CVE-2026-48810 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating HIGH · CVE-2026-48557 Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanit HIGH · CVE-2026-48555 Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows rem CVE-2026-47266 Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing HIGH · CVE-2026-47123 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processin CVE-2026-46599 The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit CVE-2026-46527 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has c CVE-2026-46385 iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-contro CVE-2026-46384 iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit val CVE-2026-45700 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an CRIT · CVE-2026-45697 Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted CVE-2026-45613 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bi CRIT · CVE-2026-45372 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's se MED · CVE-2026-45352 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size i CVE-2026-45324 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cm MED · CVE-2026-45294 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset CVE-2026-45151 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can derefe MED · CVE-2026-45149 The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0. MED · CVE-2026-44640 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_ HIGH · CVE-2026-44422 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts on