Threat Intelligence Feed

Aggregating 7641 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-58489 HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export CVE-2026-58486 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2 HIGH · CVE-2026-57856 Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() meth HIGH · CVE-2026-57855 Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api MED · CVE-2026-15607 A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the fi CVE-2026-15605 A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download HIGH · CVE-2026-62328 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attack CRIT · CVE-2026-62327 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attack HIGH · CVE-2026-62242 Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated a HIGH · CVE-2026-62240 CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url function that performs one MED · CVE-2026-62239 FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and HIGH · CVE-2026-62200 OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport t HIGH · CVE-2026-62199 OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup va MED · CVE-2026-62198 OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allo HIGH · CVE-2026-62197 OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket HIGH · CVE-2026-62196 OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can s HIGH · CVE-2026-62195 OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature th HIGH · CVE-2026-62194 OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that MED · CVE-2026-62193 OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the in HIGH · CVE-2026-62192 OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that a HIGH · CVE-2026-62191 OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling th HIGH · CVE-2026-62190 OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-t HIGH · CVE-2026-62189 OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower HIGH · CVE-2026-62188 OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Fe HIGH · CVE-2026-62187 OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A low HIGH · CVE-2026-62186 OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model override HIGH · CVE-2026-62185 Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access r HIGH · CVE-2026-62184 luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log HIGH · CVE-2026-61458 PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route- CRIT · CVE-2026-59801 9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact HIGH · CVE-2026-58500 MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In CVE-2026-58488 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attac CVE-2026-58487 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe CVE-2026-58411 ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities MED · CVE-2026-56877 The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplie CVE-2026-52533 An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component CVE-2026-51821 SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitra CVE-2026-51541 OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in CIP message parsing when handling malformed explicit re
3366 General 898 Vulnerability Disclosure 819 CVE 628 Campaigns 416 Data Breach 390 Malware

Trending Vendors

Latest News

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

ESET Research →

Data Breaches