Threat Intelligence Feed

Aggregating 7497 articles from trusted cybersecurity sources

LATEST CVEs
CRIT · CVE-2026-15511 A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function sy MED · CVE-2026-15510 A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. T MED · CVE-2026-15509 A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON MED · CVE-2026-15508 A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file MED · CVE-2026-15507 A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file HIGH · CVE-2026-15506 A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown func CVE-2026-15505 A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra CVE-2026-10668 The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage HIGH · CVE-2026-10667 Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-l HIGH · CVE-2026-10666 parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the HIGH · CVE-2026-10665 In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbou MED · CVE-2026-10664 The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src MED · CVE-2026-10663 In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c HIGH · CVE-2026-58596 Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges o MED · CVE-2026-15502 A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php o MED · CVE-2026-15501 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function T HIGH · CVE-2026-61876 LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent networ HIGH · CVE-2026-61875 luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject Jav CVE-2026-61874 filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, all HIGH · CVE-2026-59260 OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users t MED · CVE-2026-56336 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain HIGH · CVE-2026-56313 Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that al HIGH · CVE-2026-56308 Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification CVE-2026-56281 Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit p CRIT · CVE-2026-56271 Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refr CRIT · CVE-2026-56260 Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf end HIGH · CVE-2026-56259 Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to MED · CVE-2026-56252 Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scope HIGH · CVE-2026-56241 Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to del HIGH · CVE-2026-56238 Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint t MED · CVE-2026-15500 A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_o MED · CVE-2026-15499 A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of HIGH · CVE-2026-15498 A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impact HIGH · CVE-2026-15497 A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file so MED · CVE-2026-15496 A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of MED · CVE-2026-15495 A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of MED · CVE-2026-15494 A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/ CVE-2026-15493 A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. Thi MED · CVE-2026-15492 A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulne HIGH · CVE-2026-15491 A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects
3293 General 883 Vulnerability Disclosure 814 CVE 613 Campaigns 402 Data Breach 385 Malware

Trending Vendors

Latest News

Data Breaches