Threat Intelligence Feed

Aggregating 2989 articles from trusted cybersecurity sources

LATEST CVEs
MED · CVE-2026-9104 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up
HIGH · CVE-2026-9018 The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation
MED · CVE-2026-7509 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` short
MED · CVE-2026-7249 The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability c
MED · CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' param
MED · CVE-2026-4070 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl
MED · CVE-2026-44409 There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control m
MED · CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in al
MED · CVE-2026-2518 The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing ca
CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel p
CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website wi
HIGH · CVE-2026-4834 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to,
CVE-2026-46598 For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when
CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafte
CVE-2026-46595 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of cal
CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and
CVE-2026-39835 SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be c
CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload
CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf
CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ
CVE-2026-39831 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did
CVE-2026-39830 A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection
CVE-2026-39829 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive
CVE-2026-39828 When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were
CVE-2026-39827 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr
CVE-2026-9264 A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution an
HIGH · CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un
CRIT · CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS
CRIT · CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to a
CRIT · CVE-2026-34908 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de
CRIT · CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerabilit
CVE-2026-5297 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-8435 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file appr
CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file resc
CVE-2026-8433 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file resc
CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star
CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file remo
CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addF
CVE-2026-8415 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/as
CVE-2026-8414 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/dupl

1237 General · 390 CVE · 387 Vulnerability Disclosure · 215 Campaigns · 165 Data Breach · 148 Malware

Trending Vendors

Latest News

Data Breaches