Threat Intelligence Feed

Aggregating 7443 articles from trusted cybersecurity sources

LATEST CVEs
CRIT · CVE-2026-15511 A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function sy MED · CVE-2026-15510 A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. T MED · CVE-2026-15509 A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON MED · CVE-2026-15508 A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file MED · CVE-2026-15507 A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file HIGH · CVE-2026-15506 A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown func CVE-2026-15505 A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra CVE-2026-10668 The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage HIGH · CVE-2026-10667 Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-l HIGH · CVE-2026-10666 parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the HIGH · CVE-2026-10665 In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbou MED · CVE-2026-10664 The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src MED · CVE-2026-10663 In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c HIGH · CVE-2026-58596 Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges o MED · CVE-2026-15502 A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php o MED · CVE-2026-15501 A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function T HIGH · CVE-2026-61876 LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent networ HIGH · CVE-2026-61875 luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject Jav CVE-2026-61874 filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, all HIGH · CVE-2026-59260 OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users t MED · CVE-2026-56336 Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain HIGH · CVE-2026-56313 Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that al HIGH · CVE-2026-56308 Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification CVE-2026-56281 Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit p CRIT · CVE-2026-56271 Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refr CRIT · CVE-2026-56260 Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf end HIGH · CVE-2026-56259 Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to MED · CVE-2026-56252 Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scope HIGH · CVE-2026-56241 Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to del HIGH · CVE-2026-56238 Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint t MED · CVE-2026-15500 A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_o MED · CVE-2026-15499 A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of HIGH · CVE-2026-15498 A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impact HIGH · CVE-2026-15497 A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file so MED · CVE-2026-15496 A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of MED · CVE-2026-15495 A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of MED · CVE-2026-15494 A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/ CVE-2026-15493 A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. Thi MED · CVE-2026-15492 A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulne HIGH · CVE-2026-15491 A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects
3255 General 879 Vulnerability Disclosure 814 CVE 611 Campaigns 401 Data Breach 385 Malware

Trending Vendors

Latest News

NSA GRASSMARLIN

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. The following versions of NSA GRAS...

CISA Advisories →

Data Breaches