Threat Intelligence Feed

Aggregating 7491 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-58281 Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code ove MED · CVE-2026-10660 The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote CVE-2026-61870 ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attac CVE-2026-61861 ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory alloca CVE-2026-61858 ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to mis CVE-2026-61857 ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP p CVE-2026-61465 ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed op MED · CVE-2026-61454 The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFI CVE-2026-61448 Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and CRIT · CVE-2026-61447 PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM- CRIT · CVE-2026-61445 PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due HIGH · CVE-2026-61442 PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for HIGH · CVE-2026-61439 PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults HIGH · CVE-2026-61429 PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend th HIGH · CVE-2026-61428 PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attacke HIGH · CVE-2026-61426 PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requireme CRIT · CVE-2026-60090 PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowled MED · CVE-2026-60088 PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read f MED · CVE-2026-56763 Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field na CVE-2026-56372 ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers HIGH · CVE-2026-56303 Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function m MED · CVE-2026-56296 Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that ret MED · CVE-2026-56240 Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows o CVE-2026-57828 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered user CVE-2026-57827 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable HIGH · CVE-2026-1359 The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due t HIGH · CVE-2026-9282 The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 MED · CVE-2026-9017 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all ve HIGH · CVE-2026-6939 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app MED · CVE-2026-6801 The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin HIGH · CVE-2026-4661 The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQ MED · CVE-2026-1382 The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode HIGH · CVE-2026-15155 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authent MED · CVE-2026-15010 The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6 MED · CVE-2026-12994 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions u MED · CVE-2026-12738 The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypas MED · CVE-2026-12126 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site S MED · CVE-2026-12103 The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includi MED · CVE-2026-11901 The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all version MED · CVE-2026-11898 The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions
3289 General 883 Vulnerability Disclosure 814 CVE 613 Campaigns 402 Data Breach 385 Malware

Trending Vendors

Latest News

Data Breaches