Threat Intelligence Feed

Aggregating 7488 articles from trusted cybersecurity sources

LATEST CVEs
HIGH · CVE-2026-58281 Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code ove MED · CVE-2026-10660 The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote CVE-2026-61870 ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attac CVE-2026-61861 ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory alloca CVE-2026-61858 ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to mis CVE-2026-61857 ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP p CVE-2026-61465 ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed op MED · CVE-2026-61454 The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFI CVE-2026-61448 Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and CRIT · CVE-2026-61447 PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM- CRIT · CVE-2026-61445 PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due HIGH · CVE-2026-61442 PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for HIGH · CVE-2026-61439 PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults HIGH · CVE-2026-61429 PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend th HIGH · CVE-2026-61428 PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attacke HIGH · CVE-2026-61426 PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requireme CRIT · CVE-2026-60090 PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowled MED · CVE-2026-60088 PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read f MED · CVE-2026-56763 Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting specially crafted form field na CVE-2026-56372 ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers HIGH · CVE-2026-56303 Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_value PostgreSQL function m MED · CVE-2026-56296 Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that ret MED · CVE-2026-56240 Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows o CVE-2026-57828 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered user CVE-2026-57827 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable HIGH · CVE-2026-1359 The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due t HIGH · CVE-2026-9282 The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 MED · CVE-2026-9017 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all ve HIGH · CVE-2026-6939 The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app MED · CVE-2026-6801 The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin HIGH · CVE-2026-4661 The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQ MED · CVE-2026-1382 The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode HIGH · CVE-2026-15155 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authent MED · CVE-2026-15010 The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6 MED · CVE-2026-12994 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions u MED · CVE-2026-12738 The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypas MED · CVE-2026-12126 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site S MED · CVE-2026-12103 The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and includi MED · CVE-2026-11901 The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all version MED · CVE-2026-11898 The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions
3289 General 883 Vulnerability Disclosure 814 CVE 612 Campaigns 401 Data Breach 384 Malware

Trending Vendors

Latest News

VRP 2025 Year in Review

Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bo...

Google Security Blog →

Data Breaches