Threat Intelligence Feed

Aggregating 7636 articles from trusted cybersecurity sources

LATEST CVEs
CVE-2026-58489 HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export CVE-2026-58486 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2 HIGH · CVE-2026-57856 Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() meth HIGH · CVE-2026-57855 Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api MED · CVE-2026-15607 A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the fi CVE-2026-15605 A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download HIGH · CVE-2026-62328 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attack CRIT · CVE-2026-62327 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attack HIGH · CVE-2026-62242 Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated a HIGH · CVE-2026-62240 CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url function that performs one MED · CVE-2026-62239 FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download_and HIGH · CVE-2026-62200 OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport t HIGH · CVE-2026-62199 OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup va MED · CVE-2026-62198 OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allo HIGH · CVE-2026-62197 OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket HIGH · CVE-2026-62196 OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can s HIGH · CVE-2026-62195 OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature th HIGH · CVE-2026-62194 OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that MED · CVE-2026-62193 OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the in HIGH · CVE-2026-62192 OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that a HIGH · CVE-2026-62191 OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling th HIGH · CVE-2026-62190 OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-t HIGH · CVE-2026-62189 OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower HIGH · CVE-2026-62188 OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Fe HIGH · CVE-2026-62187 OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A low HIGH · CVE-2026-62186 OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model override HIGH · CVE-2026-62185 Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access r HIGH · CVE-2026-62184 luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log HIGH · CVE-2026-61458 PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route- CRIT · CVE-2026-59801 9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact HIGH · CVE-2026-58500 MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In CVE-2026-58488 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attac CVE-2026-58487 HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe CVE-2026-58411 ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting (XSS) vulnerabilities MED · CVE-2026-56877 The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplie CVE-2026-52533 An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component CVE-2026-51821 SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitra CVE-2026-51541 OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in CIP message parsing when handling malformed explicit re
3362 General 898 Vulnerability Disclosure 819 CVE 628 Campaigns 416 Data Breach 390 Malware

Trending Vendors

Latest News

#StopRansomware: Interlock

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...

US-CERT Alerts →

Data Breaches